| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: trojaner Laie bittet um HilfeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.03.2011, 20:49
| #1 |
| |  trojaner Laie bittet um Hilfe Hi, beim onlinebanking sollte ich plötzlich 40 TAN Nummern eingeben. Ein Anruf bei der Bank zeigte schnell, dass sich wohl ein GOZI trojaner eingenistet hat, der nach Aussage der Bank nur sehr schwer zu beseitigen ist. Ich hab mich eingelesen und mal Malwarebytes und otl über meinen rechner laufen lassen malware hat 7 infizierte ordner oder dateien gefunden die ich gelöscht habe und dann hab ich otl drüber laufen lassen. hier die ergebnisse es wäre super wenn ihr mir helfen könntet, was nun zu tun ist bzw wie die ergebnisse interpretiert werden müssen Malware Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6176 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 26.03.2011 20:09:50 mbam-log-2011-03-26 (20-09-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 330380 Laufzeit: 58 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 3 Infizierte Speicherprozesse: c:\Users\JES\AppData\Roaming\Igalr\potaz.exe (Trojan.ZbotR.Gen) -> 4044 -> No action taken. Infizierte Speichermodule: c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3004808C-5065-B24A-3365-400F6318CC39} (Trojan.ZbotR.Gen) -> Value: {3004808C-5065-B24A-3365-400F6318CC39} -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken. Infizierte Dateien: c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken. c:\Users\JES\AppData\Roaming\Igalr\potaz.exe (Trojan.ZbotR.Gen) -> No action taken. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken. ______________________________________________ ich habe alle viren und trojaner entfernt ____________________________ dann otl ___________________ OTL logfile created on: 26.03.2011 20:24:12 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JES\Downloads\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 49,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 103,98 Gb Total Space | 24,08 Gb Free Space | 23,16% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 1,35 Gb Free Space | 17,26% Space Free | Partition Type: NTFS Computer Name: JES-PC | User Name: JES | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2011.03.26 18:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JES\Downloads\Downloads\OTL.exe PRC - [2011.03.18 18:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.01.28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.01.28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2010.11.17 17:28:08 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009.07.31 20:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2009.04.17 13:33:36 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe PRC - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.09 19:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2008.05.15 14:59:50 | 002,453,504 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe PRC - [2008.04.15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.03.25 14:46:32 | 000,077,824 | ---- | M] (mychat) -- C:\Windows\BisonCam\BisonHK.exe PRC - [2007.03.02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe ========== Modules (SafeList) ========== MOD - [2011.03.26 18:38:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JES\Downloads\Downloads\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010.11.17 17:28:08 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.12.09 19:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008.05.13 10:33:22 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2008.04.30 19:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 18:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.04.15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 03:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.10.25 10:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdm.sys -- (sscemdm) DRV:64bit: - [2010.04.27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV:64bit: - [2010.04.27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdfl.sys -- (sscemdfl) DRV:64bit: - [2010.04.22 19:17:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.06 18:32:53 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.13 04:21:46 | 000,044,032 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AVPolCIR.sys -- (AVPolCIR) DRV:64bit: - [2009.08.13 02:21:40 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AVerPola.sys -- (AVerPola) DRV:64bit: - [2009.08.08 20:35:10 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc) DRV:64bit: - [2009.08.08 20:35:10 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt) DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.04.11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2008.05.26 13:37:59 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.04.30 18:00:58 | 000,838,696 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BisonC07.sys -- (Cam5607) DRV:64bit: - [2008.04.28 05:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:64bit: - [2008.04.17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:64bit: - [2008.04.11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008.01.21 03:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2008.01.21 03:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:64bit: - [2007.12.06 11:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2007.09.10 14:35:14 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb) DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2005.11.10 04:00:54 | 001,255,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserl64.sys -- (smserial) DRV - [2010.10.25 10:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2006.11.02 06:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df&t=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 22 E0 2A 91 D7 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.27 01:03:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.27 01:03:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.03.20 23:01:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.26 18:19:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 18:19:23 | 000,000,000 | ---D | M] [2009.11.07 16:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JES\AppData\Roaming\mozilla\Extensions [2011.03.26 09:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions [2010.10.30 17:48:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.27 11:59:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.22 19:19:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions\DTToolbar@toolbarnet.com [2009.12.08 22:35:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions\firefox@tvunetworks.com [2010.09.11 15:55:51 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\JES\AppData\Roaming\mozilla\Firefox\Profiles\k20vxe67.default\extensions\vshare@toolbar [2009.12.15 11:47:17 | 000,002,171 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\bing.xml [2010.04.22 19:18:18 | 000,002,059 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\daemon-search.xml [2011.03.25 22:44:22 | 000,000,961 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin-1.xml [2010.09.28 07:19:09 | 000,000,961 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin-2.xml [2010.10.22 08:06:17 | 000,000,961 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin-3.xml [2010.10.29 19:08:19 | 000,000,961 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin-4.xml [2010.12.13 11:31:15 | 000,000,961 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin-5.xml [2010.07.18 11:28:53 | 000,000,958 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\icqplugin.xml [2010.09.11 15:57:05 | 000,001,592 | ---- | M] () -- C:\Users\JES\AppData\Roaming\Mozilla\Firefox\Profiles\k20vxe67.default\searchplugins\web-search.xml [2011.03.26 18:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- [2011.03.05 20:16:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2011.03.05 20:16:46 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF [2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\JES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: Add to AVI Converter... - C:\Program Files (x86)\MP3 Player Utilities 5.09\AVIConverter\grab.html () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Add to AVI Converter... - C:\Program Files (x86)\MP3 Player Utilities 5.09\AVIConverter\grab.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{223dcd84-ba43-11de-91de-0090f58ade74}\Shell - "" = AutoRun O33 - MountPoints2\{223dcd84-ba43-11de-91de-0090f58ade74}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{223dcd86-ba43-11de-91de-0090f58ade74}\Shell - "" = AutoRun O33 - MountPoints2\{223dcd86-ba43-11de-91de-0090f58ade74}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{7addd027-f32b-11df-8c02-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{9d6cf4bb-b173-11de-aed9-b1183577c818}\Shell - "" = AutoRun O33 - MountPoints2\{9d6cf4bb-b173-11de-aed9-b1183577c818}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9d6cf4d7-b173-11de-aed9-b1183577c818}\Shell - "" = AutoRun O33 - MountPoints2\{9d6cf4d7-b173-11de-aed9-b1183577c818}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{aaa9dccd-2b9b-11df-a7d2-0090f58ade74}\Shell - "" = AutoRun O33 - MountPoints2\{aaa9dccd-2b9b-11df-a7d2-0090f58ade74}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\Explore\command - "" = F:\system.exe O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\Open\command - "" = F:\system.exe O33 - MountPoints2\{ff8a7a7d-d37e-11dd-8486-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2011.03.26 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Roaming\Malwarebytes [2011.03.26 18:36:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.03.26 18:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.26 18:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.26 18:36:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.03.26 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.03.26 10:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.03.26 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.03.26 10:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.03.24 22:54:06 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.03.24 22:53:13 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.03.24 22:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.03.23 12:35:36 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.03.23 12:35:36 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.03.23 12:35:36 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.03.23 12:35:36 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.03.20 23:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.03.20 23:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2011.03.20 22:43:49 | 000,000,000 | ---D | C] -- C:\Users\JES\Desktop\Adobe Acrobat X [2011.03.09 19:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.03.09 14:43:11 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.03.09 14:43:11 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011.03.09 14:43:10 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011.03.09 14:43:10 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011.03.09 14:43:08 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.03.09 14:43:08 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.03.09 14:43:08 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011.03.09 14:43:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011.03.09 14:43:08 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011.03.09 14:43:08 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011.03.09 14:43:08 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll [2011.03.09 14:43:07 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll [2011.03.05 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2011.03.05 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2011.02.27 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant [2011.02.27 12:00:24 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Roaming\FinalMediaPlayer [2011.02.27 12:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer [2011.02.27 12:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalMediaPlayer [2011.02.27 01:05:17 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Local\DDMSettings [2011.02.27 01:02:26 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.02.27 01:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.02.27 00:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011.02.23 23:04:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2011.02.23 23:04:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2011.02.23 23:01:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2011.02.23 23:01:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll [2011.02.23 23:01:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll [2011.02.23 23:01:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll [2011.02.23 23:01:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2011.02.23 23:01:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2011.02.23 23:01:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll [2011.02.23 23:01:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2011.02.23 23:01:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe [2011.02.23 23:01:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe [2011.02.23 23:01:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe [2011.02.23 23:01:13 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll [2011.02.23 23:01:13 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe [2011.02.23 23:01:13 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll [2011.02.23 23:01:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2011.02.23 23:01:13 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2011.02.23 23:01:13 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2011.02.23 23:01:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2011.02.23 23:01:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll [2011.02.23 23:01:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2011.02.23 23:01:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2011.02.23 23:01:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2011.02.23 23:00:58 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2011.02.23 23:00:58 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2011.02.23 23:00:58 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2011.02.23 23:00:57 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll [2011.02.23 23:00:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2011.02.23 23:00:57 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2011.02.23 23:00:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2011.02.23 23:00:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2011.02.23 23:00:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2011.02.23 23:00:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2011.02.12 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Roaming\Amazon [2011.02.12 12:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.02.12 12:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2011.02.10 19:08:47 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.02.10 19:08:47 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll [2011.02.10 19:08:47 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.02.10 19:08:47 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll [2011.02.10 19:08:44 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.02.10 19:08:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.02.10 19:08:43 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.02.10 19:08:43 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2011.02.10 19:08:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.02.10 19:08:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.02.10 19:08:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.02.10 19:08:42 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2011.02.10 19:08:42 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll [2011.02.10 19:08:42 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll [2011.02.10 19:08:42 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll [2011.02.10 19:08:42 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.02.10 19:08:41 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2011.02.10 19:08:41 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll [2011.02.10 19:08:41 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.02.10 19:08:40 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.02.10 19:08:40 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2011.02.10 19:08:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll [2011.02.10 19:08:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2011.02.10 19:08:40 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.02.10 19:08:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.02.10 19:08:40 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.02.10 19:08:39 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.02.10 19:08:39 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2011.02.10 19:08:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll [2011.02.10 19:08:39 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2011.02.10 19:08:39 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2011.02.10 19:08:39 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll [2011.02.10 19:08:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.02.10 19:08:38 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2011.02.10 19:08:38 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2011.02.10 19:08:38 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll [2011.02.10 19:08:38 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2011.02.10 19:08:38 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2011.02.10 19:08:38 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2011.02.10 19:08:37 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.02.10 19:08:37 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.10 19:08:37 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2011.02.10 19:08:36 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2011.02.10 19:08:36 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2011.02.10 19:08:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2011.02.10 19:04:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.10 19:04:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.10 19:04:54 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.10 19:04:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.10 19:04:43 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll [2011.02.10 19:04:25 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.10 19:04:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.10 19:04:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.02.10 19:04:23 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.02.10 19:04:23 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.02.10 19:04:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.10 19:04:23 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.02.10 19:04:23 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.10 19:04:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.02.10 19:04:22 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.10 19:04:22 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.10 19:04:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.10 19:04:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.02.10 19:04:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.10 19:04:20 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.02.10 19:04:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.02.10 19:04:20 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.02.10 19:04:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.02.10 19:04:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.02.10 19:04:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.02.10 19:04:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.02.10 19:04:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.02.10 19:04:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.02.10 19:04:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.10 19:04:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.02.10 19:04:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.10 19:04:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.10 19:04:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.10 19:04:14 | 004,699,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.10 19:04:13 | 001,585,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.05 03:03:09 | 000,000,000 | ---D | C] -- C:\Intel [2011.01.31 21:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2011.01.31 21:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.01.31 21:02:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2011.01.31 21:02:20 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2011.01.31 21:02:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2011.01.31 21:02:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2011.01.31 21:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2011.01.26 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Roaming\Etyfh [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2011.03.26 20:26:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{02350FD8-2EFC-4127-AA65-A15FE8D1E9A4}.job [2011.03.26 19:48:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.26 19:48:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.26 18:38:01 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{494FAE08-F87A-42AA-98A6-BAAE3DD754B6}.job [2011.03.26 18:19:25 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.26 17:54:19 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.26 17:54:19 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.26 17:54:19 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.26 17:54:19 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.26 17:54:19 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.26 17:51:25 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2011.03.26 17:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.26 17:47:04 | 2106,163,200 | -HS- | M] () -- C:\hiberfil.sys [2011.03.26 12:02:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.24 22:54:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.03.20 23:08:58 | 000,303,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.03.20 23:02:01 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2011.03.20 01:01:34 | 000,125,952 | ---- | M] () -- C:\Users\JES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.11 19:31:45 | 000,074,398 | ---- | M] () -- C:\Users\JES\Desktop\payment singapore.pdf [2011.03.06 16:24:56 | 002,748,121 | ---- | M] () -- C:\Users\JES\Drogenkurier 85_3.klappe.pdf [2011.03.05 12:05:36 | 000,244,987 | ---- | M] () -- C:\Users\JES\Brief GBAfinal.pdf [2011.03.01 21:15:43 | 000,019,795 | ---- | M] () -- C:\Users\JES\Documents\lebenslauf mit foto.pdf [2011.02.27 12:00:23 | 000,000,907 | ---- | M] () -- C:\Users\JES\Desktop\FinalMediaPlayer.lnk [2011.02.27 01:03:46 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.02.27 01:03:46 | 000,001,421 | ---- | M] () -- C:\Users\JES\Desktop\DivX Movies.lnk [2011.02.27 01:02:58 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.02.23 16:04:07 | 000,238,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.02.22 15:47:08 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.02.22 15:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.02.22 14:53:33 | 001,555,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.02.22 14:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.02.19 16:58:00 | 002,849,693 | ---- | M] () -- C:\Users\JES\Drogenkurier_Ausgabe84.pdf [2011.02.13 14:22:19 | 000,614,403 | ---- | M] () -- C:\Windows\BsSnap.pre [2011.02.07 21:47:38 | 000,000,832 | ---- | M] () -- C:\Users\JES\AppData\Local\SRDownloader.nast [2011.02.06 21:43:27 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.02.06 21:43:14 | 000,000,772 | ---- | M] () -- C:\Users\JES\Desktop\LGMobile update.lnk [2011.01.31 21:02:25 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2011.01.29 13:30:28 | 000,031,518 | ---- | M] () -- C:\Users\JES\Documents\Accomodation_updated_list.pdf [2011.01.27 19:28:14 | 000,000,680 | ---- | M] () -- C:\Users\JES\AppData\Local\d3d9caps.dat [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.26 18:19:25 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.26 18:19:25 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.24 22:54:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011.03.20 23:02:01 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2011.03.20 23:02:00 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2011.03.20 23:02:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2011.03.11 19:31:43 | 000,074,398 | ---- | C] () -- C:\Users\JES\Desktop\payment singapore.pdf [2011.03.06 14:36:27 | 002,748,121 | ---- | C] () -- C:\Users\JES\Drogenkurier 85_3.klappe.pdf [2011.03.05 12:05:33 | 000,244,987 | ---- | C] () -- C:\Users\JES\Brief GBAfinal.pdf [2011.03.01 21:15:43 | 000,019,795 | ---- | C] () -- C:\Users\JES\Documents\lebenslauf mit foto.pdf [2011.02.27 12:00:27 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2011.02.27 12:00:23 | 000,000,907 | ---- | C] () -- C:\Users\JES\Desktop\FinalMediaPlayer.lnk [2011.02.27 01:03:46 | 000,001,421 | ---- | C] () -- C:\Users\JES\Desktop\DivX Movies.lnk [2011.02.27 01:02:58 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.02.27 01:02:11 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.02.23 23:00:59 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2011.02.23 23:00:59 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2011.02.23 23:00:59 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2011.02.23 23:00:59 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2011.02.23 23:00:59 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2011.02.23 23:00:59 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2011.02.19 16:58:00 | 002,849,693 | ---- | C] () -- C:\Users\JES\Drogenkurier_Ausgabe84.pdf [2011.02.07 21:47:38 | 000,000,832 | ---- | C] () -- C:\Users\JES\AppData\Local\SRDownloader.nast [2011.01.31 21:02:25 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2011.01.31 21:02:22 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2011.01.29 13:30:28 | 000,031,518 | ---- | C] () -- C:\Users\JES\Documents\Accomodation_updated_list.pdf [2011.01.20 20:45:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.01.20 20:45:23 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2010.10.02 11:37:30 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2010.10.02 11:37:30 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2010.10.02 11:37:15 | 000,598,016 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll [2010.10.02 11:37:15 | 000,307,200 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2010.10.02 11:37:15 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll [2010.10.02 11:37:15 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll [2010.10.02 11:37:15 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll [2010.10.02 11:37:15 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2010.10.02 11:37:15 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll [2010.08.25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.08.25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.08.25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.04.04 13:48:02 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.10.26 21:08:55 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.10.26 21:08:52 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2009.10.24 10:24:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.24 10:23:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.10.24 10:22:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.15 21:02:13 | 000,000,680 | ---- | C] () -- C:\Users\JES\AppData\Local\d3d9caps.dat [2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.08.22 23:39:44 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.08.22 23:35:28 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.06.07 16:29:35 | 000,000,768 | ---- | C] () -- C:\Windows\wiso.ini [2008.12.28 17:43:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.12.28 17:43:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.12.28 17:34:38 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2008.10.26 11:29:07 | 000,125,952 | ---- | C] () -- C:\Users\JES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.23 19:17:42 | 000,031,049 | ---- | C] () -- C:\Users\JES\AppData\Roaming\UserTile.png [2008.10.23 17:40:58 | 000,000,518 | ---- | C] () -- C:\Users\JES\AppData\Roaming\wklnhst.dat [2008.09.25 12:55:19 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.09.24 09:16:55 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin [2008.08.04 10:59:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.08.01 06:18:02 | 000,000,188 | R--- | C] () -- C:\Windows\OEM.ini [2008.08.01 06:18:01 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.08.01 05:06:35 | 000,000,032 | ---- | C] () -- C:\Windows\CD_START.INI [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.03.06 09:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll [2005.11.10 03:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56spn.dll [2005.11.10 03:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56itl.dll [2005.11.10 03:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56eng.dll [2005.11.10 03:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56brz.dll [2005.11.10 03:52:42 | 000,053,248 | ---- | C] () -- C:\Windows\sm56ger.dll [2005.11.10 03:52:42 | 000,053,248 | ---- | C] () -- C:\Windows\sm56fra.dll [2005.11.10 03:52:42 | 000,045,056 | ---- | C] () -- C:\Windows\sm56jpn.dll [2005.11.10 03:52:42 | 000,040,960 | ---- | C] () -- C:\Windows\sm56cht.dll [2005.11.10 03:52:42 | 000,040,960 | ---- | C] () -- C:\Windows\sm56chs.dll [2004.09.16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS < End of report > _____________________ dann otl extras OTL Extras logfile created on: 26.03.2011 20:24:12 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JES\Downloads\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 49,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 103,98 Gb Total Space | 24,08 Gb Free Space | 23,16% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 1,35 Gb Free Space | 17,26% Space Free | Partition Type: NTFS Computer Name: JES-PC | User Name: JES | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 63 7D 58 D9 69 56 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1413103369-177604827-679083771-1000] "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1763BE63-24F2-40D1-8F46-F3154A70F0A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2A170117-4597-4A0E-A8A0-AE515D95B113}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2C551CA3-0B2A-4A62-AF78-3F7AECBA1ACE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3C5A3374-378D-4F3A-A184-A573A9585393}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E6DAE98-EC97-4209-BEE7-1A8B28B6ED3A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6873720E-9EDE-438C-960B-1BA63985F5DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{82CD2FA2-8D74-4EB2-8A9B-759A67DF4104}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{978FE981-C15D-4189-B497-F26604A084A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BA871DB3-187C-4C71-A6A3-E8FB80399CFB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C9523DA0-3AFB-462A-A7AA-7A97D5E1F1AF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2EA4E27-FC93-4980-9D39-86ECE38F6327}" = lport=2869 | protocol=6 | dir=in | app=system | "{ED93F3CB-EF7C-41CB-85A2-B8BE445F0549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F7DB4293-F5FE-45C8-9BE6-889E1AF78EE6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FC9382DF-3C05-4C66-8B63-0B27DEE51D7B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FF961E-1F21-454A-99F2-DEE85521A38C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0448461A-B7BE-41D3-B729-AA2C70DE3247}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1DE4AC42-6A20-4C20-B98B-8DA233301672}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe | "{26B419A9-356C-4FA8-81E7-FA7F77BDE094}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3FDE413C-9FCE-43D1-9A30-F1DCB5624BE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{5267E9CE-6476-4639-8DDD-E3D8ABBA78CF}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5A89199E-6CF0-49DA-BFD5-42AD2E3DAA65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5B738632-39D5-4F2F-8499-6BFE014100DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{608811DA-0D3E-4B2C-92DF-4BBB5AB55024}" = protocol=17 | dir=in | app=c:\users\jes\appdata\roaming\dropbox\bin\dropbox.exe | "{7A848260-DEDB-4306-98C5-51261F10B06B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{818EBD25-4122-4783-B595-4248E63276D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{8836822B-8C29-47AA-8749-91E475793EFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A8DFF835-5FFA-462F-A9B6-2D916B2FEC76}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{B916EE76-0D43-4F6F-A56D-DFDA5CC07D67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C01F9471-A414-4B14-89D6-2D452B4F66AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{C37F9A39-1F55-4754-B6A6-2A8054234800}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E2E78A8E-AE94-4E6F-89C1-509E3BE18A65}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EE43CD2D-AE8A-422E-B349-6686B7BB1C18}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{F3055D04-648A-43C2-84B7-AC1E5C9163F9}" = protocol=6 | dir=in | app=c:\users\jes\appdata\roaming\dropbox\bin\dropbox.exe | "{F827ABAE-F98F-4E2A-9D78-DA65EA287A5D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{FE2E4B23-2980-4E88-A207-991388A36C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "TCP Query User{0555C38C-02FE-44E4-8632-186F29CF4CFC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{0944059D-4AE1-4487-9F28-BB408CF2CB01}C:\users\jes\appdata\roaming\igalr\potaz.exe" = protocol=6 | dir=in | app=c:\users\jes\appdata\roaming\igalr\potaz.exe | "TCP Query User{28228883-EEB7-46EF-A1FB-92284EFCFE08}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | "TCP Query User{739709A8-ED72-4B85-81C8-57F17F89A519}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe | "TCP Query User{7DE8E9EE-89F1-4750-AE8E-50BE72274675}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{AD408FA3-471F-4E0E-8FF0-10A827772E07}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{C49A1774-B831-4065-A94E-172B91503537}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{C49CC537-42C9-4762-8DEB-2980F94D7683}C:\users\jes\appdata\roaming\igalr\potaz.exe" = protocol=6 | dir=in | app=c:\users\jes\appdata\roaming\igalr\potaz.exe | "TCP Query User{D25F544F-34F6-482A-9D87-75338541A1A1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{EAD797C6-2E73-4663-9946-84CC7A4F8503}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{EEA5CC8E-9B1B-4C6A-8656-F3E7F0A68F6B}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{EFA81EEF-891D-4B53-91AE-E1C575AA9B73}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{086499CE-1D35-441E-9D94-CDA00B2278DE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{0CC23965-6C67-4854-A12D-F850B1E04491}C:\users\jes\appdata\roaming\igalr\potaz.exe" = protocol=17 | dir=in | app=c:\users\jes\appdata\roaming\igalr\potaz.exe | "UDP Query User{5C4F1B09-E037-4FD3-966B-2CD52A8CB6A9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{702C7171-1E99-452E-86D3-566C59F67863}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{8DCE2FA0-9738-4705-9CEB-C8B7E753E408}C:\users\jes\appdata\roaming\igalr\potaz.exe" = protocol=17 | dir=in | app=c:\users\jes\appdata\roaming\igalr\potaz.exe | "UDP Query User{918B8304-F6B8-4A60-A8E5-1110C677F47D}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe | "UDP Query User{A08DCF61-B2A5-4D45-BE69-BE7CDB0D4534}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | "UDP Query User{B63668BA-FB83-42C6-BAD8-9C380FEFCAF8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{D442D766-8A28-466D-B7F5-AEBD45747A60}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{E0735224-E5FD-48CF-ABC9-8CD07363B2D7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{E1D8E636-BC99-4A63-AE39-1BB8F6AFBDA0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{EF2E178C-11CD-4D23-9614-810605A4C812}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A9B7ADD-FF58-49E5-8204-956121D764DC}" = Apple Mobile Device Support "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software "{2EF5C74A-1137-46B1-A7BA-5A39ED27A22A}" = Bonjour "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{D8BD0DDE-E007-4A55-9973-B95D5FA08C3F}" = iTunes "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "ProInst" = Intel PROSet Wireless "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{231E5C2B-8975-4E57-814B-BB137890C016}" = Europa Führerschein "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2 "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{84B52F7C-7DB3-49FE-A405-61176C9639DC}" = JoGoVEREIN "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = MP3 Player Utilities 5.09 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{ADD9E56D-2DD8-448A-8887-B3AF76AB1031}" = Nero 7 Essentials "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D03B48A7-F0D5-4832-B166-62624DA5A191}" = PC Link Manager "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "eMule" = eMule "FinalMediaPlayer_is1" = Final Media Player 2011 "Freemake Video Converter_is1" = Freemake Video Converter version 2.0.0 "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "MyFreeCodec" = MyFreeCodec "Trusted Software Assistant_is1" = File Type Assistant "Veetle TV" = Veetle TV 0.9.18 "Verbindungsassistent" = Verbindungsassistent "vShare" = vShare Plugin "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
|
26.03.2011, 21:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | trojaner Laie bittet um Hilfe Das steht no action taken! Hast du alle Funde entfernt?
__________________Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ |
|
27.03.2011, 12:03
| #3 |
| | trojaner Laie bittet um Hilfe hallo, ja ich habe alle Funde entfernt. ich lasse jetzt malwarbytes nochmal drüberlaufen und sende dir die logdateien, oder?
__________________ |
|
27.03.2011, 13:08
| #4 |
| | trojaner Laie bittet um Hilfe ich habe nun malwarbytes nochmal durchlaufen lassen. hier ist das ergebnis. ich habe nun mal die Viren/Trojaner noch nicht gelöscht damit du dir nen Einruck von der Situation mache kannst Hier die logdatei Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6176 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 27.03.2011 14:02:38 mbam-log-2011-03-27 (14-02-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 330698 Laufzeit: 1 Stunde(n), 0 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken. |
|
27.03.2011, 20:58
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | trojaner Laie bittet um Hilfe Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.01.26 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\JES\AppData\Roaming\Etyfh
[2011.02.13 14:22:19 | 000,614,403 | ---- | M] () -- C:\Windows\BsSnap.pre
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{223dcd84-ba43-11de-91de-0090f58ade74}\Shell - "" = AutoRun
O33 - MountPoints2\{223dcd84-ba43-11de-91de-0090f58ade74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{223dcd86-ba43-11de-91de-0090f58ade74}\Shell - "" = AutoRun
O33 - MountPoints2\{223dcd86-ba43-11de-91de-0090f58ade74}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7addd027-f32b-11df-8c02-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{9d6cf4bb-b173-11de-aed9-b1183577c818}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6cf4bb-b173-11de-aed9-b1183577c818}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d6cf4d7-b173-11de-aed9-b1183577c818}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6cf4d7-b173-11de-aed9-b1183577c818}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{aaa9dccd-2b9b-11df-a7d2-0090f58ade74}\Shell - "" = AutoRun
O33 - MountPoints2\{aaa9dccd-2b9b-11df-a7d2-0090f58ade74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe
O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\Explore\command - "" = F:\system.exe
O33 - MountPoints2\{e32e32d5-c464-11dd-93f9-0090f58ade74}\Shell\Open\command - "" = F:\system.exe
O33 - MountPoints2\{ff8a7a7d-d37e-11dd-8486-0090f58ade74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu trojaner Laie bittet um Hilfe |
| 64-bit, bho, bonjour, brief, c:\windows\system32\rundll32.exe, ebanking, error, excel, firefox, flash player, google, helper, home, hängen, iastor.sys, iexplore.exe, install.exe, location, logfile, microsoft office word, mozilla, mp3, object, office 2007, oldtimer, olympus, pdfforge toolbar, plug-in, programdata, realtek, registry, safer networking, saver, scan, searchplugins, security, security update, shell32.dll, shortcut, software, spigot, sptd.sys, start menu, studio, super, svchost.exe, syswow64, trojan.zbotr.gen, trojaner, video converter, viren, vista |
