| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ThinkPoint vollständig entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.11.2010, 21:34
| #1 |
 |  ThinkPoint vollständig entfernt? Ich habe mir vor einigen Tagen den ThinkPoint eingefangen und ihm dann blöderweise auch erlaubt, sich auf meinem Rechner breit zu machen. Gemäß eurer Anleitung habe ich mit rkill und Malwarebytes Anti-Malware das Gröbste entfernen können. Ein paar Tage später, fing der Computer dann aber an im Browser auf andere Seiten umzuleiten, die sofort vom Firefox oder Virenscanner blockiert wurden. Zudem kam immer wieder die Meldung "hostprozess für windows dienste funktioniert nicht mehr". Auch die Windows Updates funktionieren manchmal nicht. Der Virenscanner kam ständig mit einer Meldung hoch. Ich habe dann gestern nochmal SUPERAntiSpyware laufen lassen, was auch nochmal über 50 Objekte gefunden hat. Der Browser verhält sich seitdem normal, die Hostprozesse stürzen weiterhin manchmal ab. Ein weiterer Quickscan mit Anti-Malware mir vorherigem kill aller Prozesse mit OTH brachte keine neuen Funde. Log Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5054
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
05.11.2010 23:32:25
mbam-log-2010-11-05 (23-32-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 528465
Laufzeit: 3 Stunde(n), 9 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Gbot) -> Data: c:\users\jonas\appdata\local\temp\dwm.exe -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Program Files\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Program Files\dektop-games\DESKTOP.EXE (Joke.Stressreducer) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[2].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\3[1].exe (Rootkit.TDSS) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\erztbwqyg[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtbwqys[1].htm (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtovqub[1].htm (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\imdysnucxe[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\2[1].exe (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\iyghyu.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\jehw.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\dwm.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> No action taken.
C:\Users\Jonas\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> No action taken.
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 11/13/2010 at 09:35 PM
Application Version : 4.45.1000
Core Rules Database Version : 5857
Trace Rules Database Version: 3669
Scan type : Complete Scan
Total Scan Time : 04:08:34
Memory items scanned : 783
Memory threats detected : 0
Registry items scanned : 12196
Registry threats detected : 0
File items scanned : 384540
File threats detected : 55
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[4].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@edge.download.newmedia.nacamar[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@www.zanox-affiliate[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.zanox[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yn-ads[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@xiti[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad2.adfarm1.adition[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@microsoftsto.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@avgtechnologies.112.2o7[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.gruenderszene[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.youporn[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.medienhaus[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@data.coremetrics[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[6].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.adc-serv[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@webmasterplan[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@imrworldwide[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bs.serving-sys[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adfarm1.adition[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.hannoversche[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@nacamar.adbureau[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.traffictrack[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@serving-sys[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@de.sitestat[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[9].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@youporn[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@4stats[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.quisma[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox-affiliate[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[3].txt
atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
bc.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
files.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
icq.oberon-media.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
m.de.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
media1.break.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
multimedia.metacafe [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
richmedia.coolespiele.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
spe.atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
static.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
track.webgains.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
Trojan.Agent/Gen-Deskryp
C:\USERS\***\APPDATA\LOCAL\TEMP\3.EXE
Code:
ATTFilter OTL logfile created on: 14.11.2010 20:58:35 - Run 1 OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Miranda IM\miranda32.exe ( ) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe File not found SRV - (AMService) -- C:\Windows\TEMP\ysin\setup.exe File not found SRV - ({B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found SRV - ({1E4009C0-5F19-403F-B87270576C4E742B}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (cvslock) -- C:\Program Files\CVSNT\cvslock.exe () SRV - (cvsnt) -- C:\Program Files\CVSNT\cvsservice.exe (March Hare Software Ltd) SRV - (Apache2) -- C:\Program Files\XAMPP\xampp\apache\bin\apache.exe (Apache Software Foundation) SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (XAMPP) -- C:\Programme\XAMPP\xampp\service.exe () ========== Driver Services (SafeList) ========== DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found DRV - (VHidMinidrv) -- C:\Windows\System32\drivers\VHIDMini.sys File not found DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (iMSPQMn) -- C:\Users\***\AppData\Local\Temp\iMSPQMn.sys File not found DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys File not found DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys File not found DRV - (BlueletAudio) -- C:\Windows\System32\DRIVERS\blueletaudio.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (hotcore2) -- C:\Windows\system32\drivers\hotcore2.sys (Paragon Software Group) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (qkbfiltr) -- C:\Windows\System32\drivers\qkbfiltr.sys (Quanta Computer Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2 FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.09 21:42:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.06 09:36:25 | 000,000,000 | ---D | M] [2008.11.13 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions [2010.03.04 08:32:05 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.10.09 15:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.05.26 07:50:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.03 22:48:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.04.16 18:09:04 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010.03.04 08:32:04 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.03.04 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010.07.10 15:33:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009.07.03 09:39:16 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.11.07 10:03:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.19 10:06:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2008.05.08 22:42:16 | 000,000,000 | ---D | M] (Header Monitor) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648} [2010.11.14 15:20:15 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.09.07 15:35:24 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8} [2010.05.07 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\firebug@software.joehewitt.com [2009.06.28 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\LogMeInClient@logmein.com [2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.03 14:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.09.03 14:17:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.09.24 11:01:00 | 002,650,112 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npRACtrl.dll [2007.08.06 11:07:00 | 000,008,784 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ractrlkeyhook.dll [2007.07.18 13:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\unicows.dll [2010.03.13 12:11:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 12:11:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 12:11:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 12:11:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 12:11:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Keyboard Manager Utility] c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk = C:\Programme\Miranda IM\miranda32.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: j-breuer.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (setuid) - C:\Windows\System32\setuid.dll (March-Hare Software Ltd) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2000.12.21 15:54:08 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2000.12.21 15:54:08 | 000,032,768 | R--- | M] () O33 - MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell - "" = AutoRun O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\Shell\AutoRun\command - "" = F:\starter.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.14 15:21:55 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr [2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.11.13 17:23:41 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.11.10 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2010.11.10 21:10:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.11.10 21:10:00 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.10 21:10:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.11.10 21:09:05 | 000,000,000 | ---D | C] -- C:\Programme\QLandkarteGT [2010.11.10 21:08:32 | 000,000,000 | ---D | C] -- C:\Programme\FWTools2.4.7 [2010.11.05 20:48:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.05 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.05 19:51:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.05 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.05 19:50:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.05 19:50:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.03 19:52:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\QuickPar [2010.11.03 19:51:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar [2010.10.31 14:31:30 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001 [2010.10.31 14:31:30 | 000,000,000 | ---D | C] -- C:\Programme\LAWICEL [2010.10.31 14:29:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.10.31 14:29:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.10.31 11:27:42 | 000,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll [2010.10.31 11:27:42 | 000,185,664 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\FTLang.dll [2010.10.31 11:27:42 | 000,120,128 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftbusui.dll [2010.10.31 11:27:42 | 000,072,000 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys [2010.10.31 11:27:42 | 000,057,536 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys [2010.10.31 11:27:42 | 000,051,528 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftserui2.dll [2010.10.31 11:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Received Files [2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\skins [2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\docs [2010.10.29 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda [2010.10.29 22:18:19 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM [2010.10.29 16:37:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL [2010.10.29 16:36:45 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.10.25 20:41:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job [2010.11.14 17:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.14 17:07:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.14 16:03:38 | 000,002,753 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2010.11.14 16:03:19 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.14 16:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.14 16:02:42 | 2137,169,920 | -HS- | M] () -- C:\hiberfil.sys [2010.11.14 16:01:35 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.14 15:23:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr [2010.11.11 17:21:08 | 000,680,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.11 17:21:08 | 000,643,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.11 17:21:08 | 000,133,088 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.11 17:21:08 | 000,116,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.06 00:18:54 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.11.05 23:40:22 | 197,318,901 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.11.05 20:51:33 | 003,903,424 | ---- | M] () -- C:\Users\***\Desktop\cofi.exe [2010.11.05 20:49:51 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.05 19:51:30 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.05 18:59:36 | 000,000,006 | ---- | M] () -- C:\Users\***\AppData\Roaming\start [2010.11.05 18:19:45 | 000,071,168 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 22:15:31 | 000,000,865 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk [2010.11.04 16:02:19 | 000,000,956 | ---- | M] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2010.10.31 14:59:34 | 000,000,854 | ---- | M] () -- C:\Windows\ODBC.INI [2010.10.31 14:31:47 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.10.31 14:31:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.16 19:11:02 | 000,000,553 | ---- | M] () -- C:\Users\***\Desktop\MapSource.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.14 17:11:34 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job [2010.11.05 20:49:40 | 003,903,424 | ---- | C] () -- C:\Users\***\Desktop\cofi.exe [2010.11.05 19:51:30 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.05 19:45:40 | 197,318,901 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.05 18:44:30 | 000,000,006 | ---- | C] () -- C:\Users\***\AppData\Roaming\start [2010.11.04 22:15:31 | 000,000,865 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk [2010.11.02 19:50:13 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.10.31 14:31:31 | 000,077,824 | ---- | C] () -- C:\Windows\System32\canusbdrv.dll [2010.10.29 22:34:22 | 000,200,704 | ---- | C] () -- C:\tipper.dll [2010.10.16 19:11:02 | 000,000,553 | ---- | C] () -- C:\Users\***\Desktop\MapSource.lnk [2010.10.12 13:12:18 | 000,000,101 | ---- | C] () -- C:\Users\***\AppData\Roaming\wgnuplot.ini [2010.10.10 11:49:36 | 000,000,369 | ---- | C] () -- C:\Windows\Sim7.ini [2010.10.10 08:47:15 | 000,000,956 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2010.08.18 11:50:14 | 000,001,771 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.Exception.log [2010.08.13 08:43:50 | 000,001,602 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2009.07.06 23:07:19 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2009.06.05 20:18:39 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2009.06.05 19:46:18 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2009.05.28 16:31:46 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL [2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll [2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll [2009.05.28 16:31:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll [2009.04.26 14:47:39 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2009.04.26 14:47:39 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2008.11.10 13:18:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008.09.25 13:21:34 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI [2008.06.25 17:45:56 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2008.06.25 17:45:56 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2008.06.25 17:45:56 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008.06.05 18:42:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.06.05 18:42:09 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.06.05 18:42:09 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.05 18:42:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.05 18:42:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.04.12 09:47:59 | 000,000,069 | ---- | C] () -- C:\Windows\EasyCash.ini [2008.04.12 09:40:49 | 000,000,137 | ---- | C] () -- C:\Windows\EasyCT.INI [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2007.11.22 17:37:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.11.02 23:52:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2007.11.02 23:17:24 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2007.10.19 20:00:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007.10.06 19:48:32 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2007.09.23 16:06:54 | 000,004,863 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2007.09.20 06:32:39 | 000,000,854 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.20 06:32:38 | 000,001,638 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.09.19 20:33:40 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe [2007.09.19 20:33:23 | 000,071,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.19 17:28:49 | 004,239,360 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2007.09.19 17:28:49 | 000,008,192 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2007.08.30 21:06:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.30 21:06:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.08.30 21:03:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2007.08.30 14:10:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2007.08.24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [1999.01.23 02:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2008.09.25 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT [2010.10.10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansoft [2010.06.09 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop [2010.08.02 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5 [2010.11.14 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.05.15 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EditPlus 2 [2010.03.03 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2010.10.28 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.05.13 23:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2008.05.28 22:14:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron [2010.10.09 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN [2008.12.01 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2007.10.06 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2010.10.30 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.10.29 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2010.09.15 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBackup [2007.11.02 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.08.18 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2008.08.20 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Soldat [2010.03.14 10:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2009.07.05 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2007.10.06 15:42:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\winpt [2010.11.14 17:27:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.11.2010 20:58:35 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2911781667-3860858085-696909929-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D036F1-7CBF-4D73-BE65-0AE69EEA6570}" = rport=445 | protocol=6 | dir=out | app=system |
"{0FD90608-2AB8-414B-8755-5FC10AE335D3}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{12D09895-0E50-4AA4-878B-6B3DA42CB2AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{263371CB-457F-4A88-9F21-5223CD5495F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A6B6118-A588-460B-B1D7-F08AE0C8D3B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{34325D21-122B-4D4F-96C6-A2CF8BC3C49A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F8BB26F-2178-4939-AEF0-968BE5BEF451}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{5FE616D9-950E-4365-B35C-EEF5CEA9028B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{612F93E0-46D5-40A6-84E6-A435AE0E08D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62EF8489-007E-4387-90F7-EBD2F852F0B3}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{80686A3C-100F-4B2B-87B9-6D459B871B55}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EFD9157-244C-4828-8FE5-D8FAF0607A38}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEA04196-565C-4FEE-AF6F-761893DF75FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6372AE6-AD0A-4E0A-BB83-92E54F8605EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09426128-B9B3-4DC4-8B28-8ACDC6AE907B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0FF0A11E-FBAD-4AAB-BD81-5E9D1AC60723}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{177452C9-349A-4EFF-A0E4-4635BE6C09C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19A744EB-7B7E-4BB7-88C5-67E04AAD7EFE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1B778EF4-14E8-41AD-BC4A-CAEAC6F0913C}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe |
"{1E193193-99EC-42F0-B4A4-292661885E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23CD5DBF-C897-496B-9E2B-F15C1B3366E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39DFE761-CFAF-4ABB-930B-A7C2DF6893A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DC2DF6C-E3C1-42EF-944A-97A2DD01BBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47A87006-DE44-4587-AAC3-903D6B77980E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4CA28414-8CFD-441E-BD99-8C4F4F1C45A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54ABE352-6465-46B2-8A63-605EEBDABF93}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{54EC5F90-80AB-4738-ACB0-51738C71D452}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{602E396A-7C41-4F91-A3E7-F389423A52ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6318D706-CCC7-490A-B27E-7EBD1117D8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66FFDC1D-ED3C-4762-8C50-3EB94C0877FD}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{733ED17F-BA61-41DF-B016-390DECDC169F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{739DFCFD-9B1D-48D6-B109-7CDF73D5A105}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78F52C73-4BFF-4419-81A0-6310A9311C82}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe |
"{7C13F438-8F88-4C1B-B3EC-B9AA4691F425}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7EC8C090-E40B-4C1D-B2CA-F4E053AF45E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8117545A-224D-48FA-AAC2-05B004AAB5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{831A408A-EB2E-4BCD-9E1F-DA0B275ABD18}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{83837233-078D-4DE3-89C3-8BC13B5A7C28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8AEDEF1D-96CA-4D08-B3FB-15EFD05B561B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EAB2253-D020-4510-AA5E-3F43BAC19EA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{929315D2-CE58-4C74-906B-48F3CEA5405D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9B54184C-50E5-47D4-9C9C-42521E7CA6EF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9E845B14-96C1-4856-B322-87F85F08CD11}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A3BCAA6B-44E9-4CF2-9838-0830FFCEDAEB}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A66D3810-06C9-4C33-BF9E-467EC85204F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B09CD212-E88C-4CE2-BEE5-CD30865A3E4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4041EAB-AEED-46D5-B9B3-CC48E8E14994}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB512344-7C03-4E01-AF71-CBB56B1F4C0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF7FF65B-9169-4A1B-97CA-B03DE6A43C91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFC14F0B-23C6-4DAB-A290-5012559EB89D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD93F300-3200-419B-A3FE-E1DC0D5865A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D40C6460-6B91-4A5E-AC36-E9170F309929}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA2580D5-80D4-4B9F-AD90-0D8E9A229A03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB04835A-DA47-4F37-8316-56CB575582B4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{DEAB8E26-68BC-4F22-A6EB-27BF9D71A254}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{DF5CF967-8FC6-4D2D-AD03-E44B871222C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4D7E6B1-4C12-4FD6-B0E7-00347BC95075}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC4BAFE7-EC00-41F2-BB82-611065FCF90D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FC553F34-DA40-4048-9A90-B33CA2F979CA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FDC580F0-707E-40C2-8435-B70425ED6BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE4E689C-1D87-413C-A318-0860856836DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{064D80D7-7A5D-4FAE-A9F2-936C2F9521F3}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{12EB4298-FEB6-4BDF-BCCC-384739180E86}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{2252F906-2DBC-4590-AE88-C6267D33BC1D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7394A7ED-7FD6-46C8-87E7-1C3AEC873E9D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7DC80366-36D6-4A25-8A0D-DE3859B9F3F4}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"TCP Query User{7DE3A78F-0FD1-42EA-BA35-4BB1A2BE8E0D}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{81BE67CF-428C-4C29-8D49-EBA403237FD1}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{95E79264-D437-4356-81FB-5FFD015885B4}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{981810D4-54B5-4149-80E9-4B4B6AEF3B5B}C:\program files\phped\debugger\dbglistener.exe" = protocol=6 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe |
"TCP Query User{A11B30D5-D160-4ECF-8CA3-C9CB6A313D27}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{A619A55F-D1B5-4ABE-B427-3F915B709374}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B64F4854-9F7C-4917-A69D-B683B611F7E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CCA38C5C-1B80-4C3F-A57A-5E152FB671F8}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"TCP Query User{D629DD94-6984-48E2-88D7-4A46E887261F}D:\blubspace\blubspace.exe" = protocol=6 | dir=in | app=d:\blubspace\blubspace.exe |
"TCP Query User{D6453B87-B728-4F93-B351-08869848384C}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{DEEF91D5-7774-4CFE-BB0F-197D78B9126B}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{F10BC9BF-8063-432A-AC4A-C101E042CCFE}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{08E66D1A-DE84-4A07-A7FD-2D97D83E63BF}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{21B6EC6C-09F4-49EF-8C4B-625957584A80}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{267EE2CC-129E-4E2D-B412-782FE6F68507}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe |
"UDP Query User{26D95935-5D45-4D97-92EC-F55F29906A89}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3B2FEF94-9D87-4F23-9120-1FC8BA0FB5A1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{4DB6816E-3F7B-4CC3-8DD4-2A18025C080C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5B36212E-1879-41FA-AC2A-B22CE7BAE645}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{77FB3FE4-A261-4270-BD5E-05C978809737}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{7E1C9E02-EAA2-458F-A69C-00A15AAA2194}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"UDP Query User{9339CE29-DD65-4D85-B126-6E7107EF6AA0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A96985E5-D76B-4916-9DA7-CFBB3F043764}C:\program files\phped\debugger\dbglistener.exe" = protocol=17 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe |
"UDP Query User{B073D489-0DC3-45F1-9442-B4ED81C2060A}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C46D644F-E333-41A8-A629-6E32CEF4BFA8}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe |
"UDP Query User{D03D9358-B9D6-479E-8A25-298BF9235D38}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{D70D5A58-70B3-4AA3-B263-82233A7E601B}D:\blubspace\blubspace.exe" = protocol=17 | dir=in | app=d:\blubspace\blubspace.exe |
"UDP Query User{ECB3511D-A902-435D-AE13-A1340E50B54C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{F1CFF249-E7B9-41B6-9067-120557E63C52}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DA6AADA-F91D-4852-946E-19AE6B8111FF}_is1" = shonkymaps
"{1DA750F9-797D-469C-A45C-215E656D7307}" = MSDN Library for Visual Studio 2005 - German
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DDC07F-2867-4407-B4FF-28EB7BA6A846}" = Steganos Live Encryption Engine 15
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{488AB4C7-6D77-4435-BF9F-94611B851552}" = Microsoft SQL Server Native Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6EF59C2E-E355-4AA8-B18A-3E19A7B8EDE9}" = UltraEdit 16.10
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{93FD6568-A974-4292-B02E-AA9D90AEC13B}" = RUNAWAY 2 - The dream of the turtle
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{C1A887F3-0A50-455C-9292-1988E1A209C1}" = Microsoft SQL Server VSS Writer
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 8.0 Professional Demo
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E435B765-A8C2-4DDA-BBFD-2FD08B50EADC}" = WinIQSIM
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15
"{F51BA406-C885-4163-A3E4-056F951DE2FE}" = SIMPLORER 7.0 Student Version
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Blobby Volley 2.0 Alpha 6_is1" = Blobby Volley 2.0 Alpha 6
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CDex" = CDex extraction audio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045" = HDAUDIO Soft Data Fax Modem with SmartCP
"Convert Image To PDF_is1" = Convert Image To PDF
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"CuteMAP" = CuteMAP 1.0
"Deluxe Menus Trial" = Deluxe Menus Trial
"Derive5" = Derive 5
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DMS-FTP V2" = DMS-FTP V2
"doxygen_is1" = doxygen 1.5.9
"EasyCash&Tax_is1" = EasyCash&Tax 1.35
"EAX Unified" = EAX Unified
"EditPlus 2" = EditPlus 2
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Download Manager_is1" = Free Download Manager 2.5
"FWTools247" = FWTools 2.4.7
"Gish Demo_is1" = Gish Demo 1.52
"Google Updater" = Google Updater
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GPG4Win" = GnuPG For Windows
"GSiteCrawler" = GSiteCrawler
"GyroMeter" = GyroMeter
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"iecollection_is1" = Internet Explorer Collection 1.4.0.2
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Lawicel canusb driver" = Lawicel canusb driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU
"Miranda IM" = Miranda IM 0.9.10
"mIRC" = mIRC
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Testversion)
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.4.9
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 2.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSDN Library für Visual Studio 2005 - Deutsch" = MSDN Library für Visual Studio 2005 - Deutsch
"MultipleIEs_is1" = MultipleIEs
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NHL 2000" = NHL 2000
"NuSphere PhpED_is1" = NuSphere PhpED version 5.0
"OpenAL" = OpenAL
"PHP Documentor_is1" = Php Documentor version 1.3.0 for NuSphere PhpED
"PHP_is1" = php-4.4.6 for NuSphere PhpED
"PHP5_is1" = php-5.2.1 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"PuTTY_is1" = PuTTY version 0.60
"QuickPar" = QuickPar 0.9
"Rainbow Sentinel Driver" = Sentinel System Driver
"RMX Automation" = RMX Automation (remove only)
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Soldat_is1" = Soldat 1.4.2
"ST6UNST #1" = bbkCANCtrl
"ST6UNST #2" = bbkCANCtrl (c:\develop\CAN\CANio\activex\vb6\)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TortoiseCVS_is1" = TortoiseCVS 1.10.9
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"Wascana C/C++ IDE for Windows" = Wascana C/C++ IDE for Windows
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.9
"xampp" = XAMPP 1.5.3a
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"QLandkarte GT" = QLandkarte GT (remove only)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.08.2008 06:13:53 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 31.08.2008 14:48:14 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 31.08.2008 16:02:21 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 01.09.2008 03:15:25 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 03.09.2008 05:03:33 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 05:01:16 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 15:45:29 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
Error - 04.09.2008 17:03:51 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description =
[ OSession Events ]
Error - 09.07.2008 07:10:11 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2796
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 16.07.2008 16:01:50 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 496 seconds with 420 seconds of active time. This session ended with a crash.
Error - 25.02.2010 05:57:44 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 60 seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.03.2010 14:37:51 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 961
seconds with 480 seconds of active time. This session ended with a crash.
Error - 04.04.2010 09:17:16 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2224 seconds with 1380 seconds of active time. This session ended with a
crash.
Error - 18.08.2010 05:40:26 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 246250
seconds with 9840 seconds of active time. This session ended with a crash.
Error - 14.10.2010 09:24:36 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 163599
seconds with 7620 seconds of active time. This session ended with a crash.
Error - 02.11.2010 15:11:17 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 302031
seconds with 9840 seconds of active time. This session ended with a crash.
Error - 06.11.2010 16:53:38 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79925
seconds with 3000 seconds of active time. This session ended with a crash.
Error - 11.11.2010 02:38:31 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52380
seconds with 4260 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description =
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description =
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description =
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description =
Error - 14.11.2010 11:06:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7009
Description =
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 11:27:01 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description =
Error - 14.11.2010 12:11:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description =
Error - 14.11.2010 12:35:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description =
< End of report >
Geändert von Jonas66 (14.11.2010 um 22:11 Uhr) Grund: ergänzende Information |
|
15.11.2010, 22:40
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | ThinkPoint vollständig entfernt?Zitat:
__________________ |
|
15.11.2010, 22:52
| #3 |
| | ThinkPoint vollständig entfernt? Nein, nur heruntergeladen, dann aber noch rechtzeitig die Warnung gelesen, es nicht ohne Anweisung auszuführen.
__________________Kleiner Nachtrag zum PC-Verhalten, weiß nich ob es wichtig ist: Der "Gatewaydienst auf Anwendungsebene" verabschiedet sich ebenfalls ab und zu. Zudem funktionieren die tollen(?) Grafikeffekte von Vista nicht mehr und auch der Firefox sieht irgendwie altbacken aus. |
|
15.11.2010, 23:05
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.11.2010, 23:20
| #5 |
| | ThinkPoint vollständig entfernt? Sorry, ich hab noch einen Vollscan-Log vergessen, den noch laufen lassen habe und der auch was gefunden hat. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5105
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
13.11.2010 17:12:25
mbam-log-2010-11-13 (17-12-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 487836
Laufzeit: 3 Stunde(n), 4 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
C:\Windows\Temp\ysin\setup.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\Temp\ysin\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
Ich mache dann morgen nochmal einen Vollscan. |
|
15.11.2010, 23:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt? Den Vollscan machen wir später eh nochmal, brauchst du jetzt nicht nochmal zu machen. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
SRV - (AMService) -- C:\Windows\TEMP\ysin\setup.exe File not found
SRV - ({B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
SRV - ({1E4009C0-5F19-403F-B87270576C4E742B}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
DRV - (iMSPQMn) -- C:\Users\***\AppData\Local\Temp\iMSPQMn.sys File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000.12.21 15:54:08 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2000.12.21 15:54:08 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\Shell\AutoRun\command - "" = F:\starter.exe -- File not found
[2010.10.31 14:31:30 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2010.10.31 14:29:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> ThinkPoint vollständig entfernt? |
|
16.11.2010, 00:12
| #7 |
| | ThinkPoint vollständig entfernt? Das war unheimlich. OTL hat alle Prozesse gekillt, dann etwa 10 Minuten gewerkelt und mir anschließend mitgeteilt, dass zum vollständigen Löschen der Dateien ein Systemneustart notwendig ist. Das habe ich mit ok bestätigt. Der PC startete neu. Nach der Windows-Passworteingabe blieb der Bildschirm schwarz, aber ein Mauszeiger sichtbar. Taskmanager ließ sich auch aufrufen. Ich habe dann nochmal neu gestartet und beim Neustart den externen Monitor abgeschaltet. Diesmal wurde der Desktop wieder angezeigt und folgender Log geöffnet: Code:
ATTFilter All processes killed
========== OTL ==========
Service AMService stopped successfully!
Service AMService deleted successfully!
File C:\Windows\TEMP\ysin\setup.exe File not found not found.
Service {B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E} stopped successfully!
Service {B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E} deleted successfully!
File C:\Users\Jonas\AppData\Local\Temp\D9D5.tmp File not found not found.
Service {1E4009C0-5F19-403F-B87270576C4E742B} stopped successfully!
Service {1E4009C0-5F19-403F-B87270576C4E742B} deleted successfully!
File C:\Users\Jonas\AppData\Local\Temp\D9D5.tmp File not found not found.
Service iMSPQMn stopped successfully!
Service iMSPQMn deleted successfully!
File C:\Users\Jonas\AppData\Local\Temp\iMSPQMn.sys File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290cd-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290cd-523e-11df-a898-001b24454c70}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029129-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029129-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029129-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029129-523e-11df-a898-001b24454c70}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029137-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029137-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029137-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029137-523e-11df-a898-001b24454c70}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e784292b-c29b-11dc-b24e-001b24454c70}\ not found.
File F:\starter.exe not found.
C:\Windows\System32\temp.001 moved successfully.
C:\Windows\Setup1.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jonas
->Temp folder emptied: 1575835449 bytes
->Temporary Internet Files folder emptied: 145754240 bytes
->Java cache emptied: 16092021 bytes
->FireFox cache emptied: 104814774 bytes
->Flash cache emptied: 144728 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 232450293 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1543028192 bytes
RecycleBin emptied: 191291531 bytes
Total Files Cleaned = 3.633,00 mb
OTL by OldTimer - Version 3.2.17.2 log created on 11152010_234815
Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Geändert von Jonas66 (16.11.2010 um 00:26 Uhr) |
|
16.11.2010, 08:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2010, 10:01
| #9 |
| | ThinkPoint vollständig entfernt? CCleaner habe ich mehrfach durchlaufen lassen, bis alle Registry-Probleme bereinigt waren. Combofix hat dann gemeldet, dass Rootkotaktivitäten im Boot-Sektor festgestellt wurden und neu gestartet werden muss. Nach dem Neustart kam nach wenigen Sekunden ein Bluescreen und der Computer startete neu. Ich habe es noch zwei Mal probiert und immer der Neustart nach ein paar Sekunden, unabhängig davon, ob ich das Passwort eingegeben habe oder nicht. Der Boot im abgesicherten Modus funktioniert noch. Was jetzt? |
|
16.11.2010, 10:39
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt? Hast du das Log von CF da?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2010, 10:57
| #11 |
| | ThinkPoint vollständig entfernt? Nein, es wurde keine Datei C:\ComboFix.txt angelegt. Auch sonst gibt es nirgens eine ComboFix.txt. Es wurde lediglich ein Verzeichnis c:\cofi\ angelegt mit einem Haufen Dateien drin. |
|
16.11.2010, 12:45
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt? Das ist sch...lecht. So kann ich nicht sehen was CF da gefixt hat. Der abgesicherte Modus geht aber der normale nicht?  Ein Versuch, es ging ja um den Bootsektor - Hast Du noch andere Betriebssysteme außer Vista installiert? Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten. Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2010, 23:19
| #13 |
| | ThinkPoint vollständig entfernt? Hab ich mit der bei meinem Computer mitgelieferten DVD gemacht, hat leider nichts gebracht, gleiches Verhalten. Ein anderes OS habe ich nicht installiert. |
|
17.11.2010, 00:02
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint vollständig entfernt? Die Befehle liefen aber einwandfrei durch?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2010, 00:03
| #15 |
| | ThinkPoint vollständig entfernt? Ja, es kam jeweils nach ein paar Sekunden eine kürze Rückmeldung "Die Operation wurde ausgeführt" oder so ähnlich. |
|
| Themen zu ThinkPoint vollständig entfernt? |
| 0x00000001, 32 bit, ad-aware, ad.yieldmanager, antivir, avgntflt.sys, avira, backdoor.gbot, blockiert, bonjour, browser, computer, corp./icp, dropbox, dwm.exe, entfernen, entfernt?, error, excel, firefox, firefox.exe, flash player, free download, funktioniert nicht mehr, google, google earth, hijack.shell, home, home premium, iastor.sys, iexplore.exe, install.exe, joke.stressreducer, location, logfile, malware.packer, microsoft office word, nvstor.sys, oldtimer, otl logfile, otl.exe, plug-in, programdata, pup.keylogger, saver, scan, sched.exe, searchplugins, security, senden, shell32.dll, skype.exe, software, start menu, studio, symantec, teamspeak, thinkpoint, tower, updates, visual studio, vlc media player, windows, windows updates |
Linear-Darstellung
