| |
| |||||||
Log-Analyse und Auswertung: Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswertenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.04.2011, 19:58
| #1 |
| |  Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.04.2011 20:40:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Stefan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,02 Gb Total Space | 85,47 Gb Free Space | 38,15% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,78 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 8,87 Gb Total Space | 1,63 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BA55DE-5967-4A2E-ABB7-4B8DD3E8C26F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{09395BAE-EB01-4C7E-8A6A-8C5C20A8205D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EA6E726-4ABE-4796-B0B8-ABDF8D31658D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23065EAC-18D8-45F5-A042-91F217781635}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2442C284-1230-455A-9DCF-8B9F6DAE9832}" = rport=2869 | protocol=6 | dir=out | app=system |
"{27EBE0F7-D85D-46A0-B513-62DE9A7EDC6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3948743B-7C6D-4EFA-B7B7-9F394B11A932}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{416C7970-BA57-44D9-8B2A-DD9D3540F481}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53834BFC-7F4C-4A53-9F91-C901BC743945}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60FA075A-04DB-4344-9B0A-59430D3770DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{65DD44FD-BD7A-4029-A824-E32D57314D3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{792B27CF-9379-4459-85BA-90090BFF657D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8CCDAAB5-AA27-4542-8F1E-AB86BACFCD1D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E8F496F-579A-497C-A90C-163EEE1B0694}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91B56B9C-DF83-497E-B165-F9A38A52A991}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{930B3D89-C1BB-44BF-815D-0DFEFB15083D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{AB6FE55D-EB45-4803-8E8F-0DC8F90A9A70}" = lport=62716 | protocol=6 | dir=in | name=nsu |
"{C9354B1D-0F22-48F1-8A0C-A357118CB221}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CBE54A12-336A-40C1-B129-F8B5DFDEA556}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CF167242-DC5C-4FCF-96F1-AA18081AD381}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{DCAC2F2E-80D2-4802-819C-39AB900C75F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00638E55-77C3-4F0E-B68C-BECEF7A160CF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{0B3E0A37-8A1F-4A10-82CB-61ACE0A0ACE0}" = protocol=17 | dir=in | app=c:\program files\nokia\ovi\suite\runlauncher.exe |
"{1D154A82-161A-4043-9F0C-9FDD9347F34A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{26619470-108F-43DE-BA36-AD86F5DF5B61}" = protocol=6 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{2C80E018-A464-48D5-940E-2FDF15565643}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{2E8636F2-EC1A-4F4D-8C95-EF075006AC9D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{3AC4EC87-7639-4415-9F46-C2FBAC5097BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47B331E2-F7F9-4762-BF34-9CA01D0E0BD5}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{58D897ED-47BA-46BC-A496-8F3957AB1111}" = protocol=58 | dir=in | name=gemeinsame nutzung der internetverbindung (routeranfrage, eingehend) |
"{5F008762-BA7A-4FD0-A2F7-F8F7824EAAE7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{677453C1-3A96-47DB-9E28-39893550AD5D}" = protocol=17 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{708E2C86-9890-4A36-95D8-42FD6EACB31B}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7B4B4DE3-9015-4A90-B473-7608378384F9}" = protocol=6 | dir=in | app=c:\program files\nokia\ovi\suite\runlauncher.exe |
"{7B61855B-D5E5-4D7D-B908-EDDCAF093E2B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BB441B0-1181-4BC9-BF9E-D1C3B9DA078E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A6E23904-D9E4-4D5C-B89B-B8A46D4195E8}" = protocol=17 | dir=in | app=c:\program files\vso\convertx\3\unins000.exe |
"{BBF2D1B6-6D8B-4DA7-9A09-514AA6FE0E90}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{BCAF7BD2-BD86-4B18-A2C8-AD50AAF7E89D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1259EDF-749E-41D6-83AE-8D38DF320967}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C27EF877-1C54-4475-B317-49C12EC27B8E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{C44A57B6-8DFF-44A2-9969-077BD0A239E7}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{C5963AE6-B081-4D97-BAAC-CFE46AE7403A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{CEDCD82F-520A-4915-A56E-2049AF02692B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{D1334CF8-F79D-4636-BB12-1411F15E2F35}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{D2E0F49C-1AF9-4CB4-8878-D2794E1D24E7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DC34F18B-19D2-4F3A-813C-68E67C2AA85F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{EB282646-46D2-4F74-8126-C65EF2666D50}" = protocol=6 | dir=in | app=c:\program files\vso\convertx\3\unins000.exe |
"{F2F49A6E-2901-4954-A666-AE15C274D86D}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{F65D45D4-DCA3-4EFF-8D20-2497EF8B2C8C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{1A9BB74A-000D-4294-915E-A8EC2A109B39}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2E498A93-D9B4-4FB6-BECC-16EAB95FFF8A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{67CE4E37-78B9-464E-A765-1818FFA54893}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{98E5CFDA-832A-4415-8FCB-4F3E63E459FC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{DED183E2-148C-426D-AB67-DE32D3D98835}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F730DF57-1EC8-44F3-AD9E-1418F8EBC756}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{05A53037-601E-4C14-BE35-85BA81E14F32}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4591C7FE-A3BB-491F-829D-FB07DDBF928A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7EE6D3D1-F15C-4C37-8BEC-16723029B06A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{CB99E301-E04D-4C9C-BB0E-59D0A1CCB91A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CE4C8DCE-B1DE-497E-A288-6C996E037C50}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{EBB62AAA-1E94-449F-920B-2AC9A0FB3923}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{335424A2-2C4E-49F3-A066-58635269DB83}" = Sentinel Protection Installer 7.4.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack Data Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.40
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F18F75E-A395-4273-A73E-C87CD0705D9B}" = PGP Desktop
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87595D19-4363-4506-81CF-91FF73B2F368}" = Nuance PDF Professional 5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}" = Buhl finance - tax 2007 Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D5A71DD-A729-4CDE-B928-A782391A2635}" = TRADOS 6.5 Freelance
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4E4ACA0-79C5-4FC0-818F-ECE4521EBF8D}" = COMPUTERBILD-Abzockschutz
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DE036158-43DD-A582-0969-3E6F656AEC9D}" = Fotomarkt Tuebingen Fotobuch-Software
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Able2Extract v6.0" = Able2Extract v6.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyBits Magic Desktop" = Magic Desktop
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FileZilla Client" = FileZilla Client 3.0.11
"FLAC" = FLAC 1.2.1b (remove only)
"Flash Favorite_is1" = Flash Favorite 1.8
"FlashGet" = FlashGet 1.9.6.1073
"Fotobuch Premium Pro" = Fotobuch Premium Pro
"FotomarktTuebingenFotobuchSoftware" = Fotomarkt Tuebingen Fotobuch-Software
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FreePortScanner_is1" = FreePortScanner 2.8.2
"Furnish Pro" = Furnish Pro
"GnuPG" = GNU Privacy Guard
"Hacha Pro Vista - Seven Compatible" = Hacha Pro Vista - Seven Compatible
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JAP" = JAP
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MailStore Home_is1" = MailStore Home 4.2.0.5431
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.0c Light (32-bit)
"OpenSSL_is1" = OpenSSL 0.9.8g
"Opera 11.01.1190" = Opera 11.01
"Orb" = Winamp Remote
"Pixie_is1" = Pixie 1.7.6
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Secunia PSI" = Secunia PSI
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SopCast" = SopCast 3.2.4
"Spesoft Audio Converter_is1" = Spesoft Audio Converter 2.30
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.13
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.72
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.02.2010 09:23:21 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 09:23:26 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 09:23:29 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 09:23:32 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 09:23:40 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 09:23:45 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 12:45:31 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 12:45:38 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 21.02.2010 12:45:50 | Computer Name = Stefan-PC | Source = RasClient | ID = 20227
Description =
Error - 22.02.2010 07:14:41 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 25.03.2009 15:46:35 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1214
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15.04.2011 13:55:13 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 15.04.2011 18:04:06 | Computer Name = Stefan-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 15.04.2011 18:04:44 | Computer Name = Stefan-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 16.04.2011 03:24:21 | Computer Name = Stefan-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 16.04.2011 04:33:27 | Computer Name = Stefan-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 16.04.2011 04:53:36 | Computer Name = Stefan-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 16.04.2011 12:20:26 | Computer Name = Stefan-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 16.04.2011 13:20:44 | Computer Name = Stefan-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 16.04.2011 13:52:20 | Computer Name = Stefan-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
Error - 16.04.2011 14:45:19 | Computer Name = Stefan-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
< End of report >
|
|
16.04.2011, 20:07
| #2 |
| /// Malware-holic   | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten 1. gib uns ne genaue problem beschreibung und klatsche hier nicht einfach ein log rein.
__________________2. fehlt otl.txt
__________________ |
|
16.04.2011, 20:18
| #3 |
| | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten ich dachte, dass man hier die logfiles auswerten lassen kann.
__________________Ganz genau ist das Problem, dass das erste Fenster von Firefox sich immer nach ca. 10 Sekunden aufhängt und auf nichts mehr reagiert. Wenn ich ein weiteres Fenster öffne, tut dieses. Abschalten lässt sich firefox nur mit dem taskmanager, da kommt dann die Fehlermeldung, dass firefox eine Eingabe erwartet und deshalb nicht beendet werden kann. Ich habe firefox 4 und das Programm auch schon neu installiert, der Fehler besteht aber fort. Ferner habe ich auch Probleme mit Skype, das nach dem hochfahren immer 2 bis 3 mal abschmiert, bevor ich es zum laufen bringe... |
|
16.04.2011, 20:22
| #4 |
| | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.04.2011 20:40:19 - Run 1 OTL by OldTimer - Version 3.2.22.3 Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224,02 Gb Total Space | 85,47 Gb Free Space | 38,15% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,78 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 8,87 Gb Total Space | 1,63 Gb Free Space | 18,43% Space Free | Partition Type: NTFS Computer Name: * | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.16 20:40:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe PRC - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.17 11:41:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.12 22:42:54 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011.01.12 22:42:52 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe PRC - [2010.12.31 16:13:43 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe PRC - [2010.11.15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010.11.07 00:07:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 00:07:06 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010.07.21 13:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.14 17:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe PRC - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009.07.21 23:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe PRC - [2009.07.16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe PRC - [2008.09.10 15:32:08 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe PRC - [2008.03.26 15:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe PRC - [2008.03.21 07:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2008.03.21 01:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe PRC - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.04.25 16:59:08 | 000,408,432 | ---- | M] (Hansenet) -- C:\Program Files\Alice\Signup\AliceCnn.exe PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ========== Modules (SafeList) ========== MOD - [2011.04.16 20:40:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe MOD - [2011.01.12 22:42:54 | 000,064,120 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPmapih.dll MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.01.14 17:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.17 11:41:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.12 22:42:54 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011.01.12 22:42:52 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2010.11.07 00:07:06 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV) SRV - [2008.12.23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2008.03.26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.03.21 07:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2008.03.21 01:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.03.17 11:41:21 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.01.12 22:42:54 | 000,300,152 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011.01.12 22:42:54 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011.01.12 22:42:54 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011.01.12 22:42:52 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011.01.12 22:42:52 | 000,013,432 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs) DRV - [2010.11.23 23:04:11 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.01.14 17:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - [2010.01.14 17:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - [2010.01.14 17:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon) DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.21 23:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.04.30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2009.04.30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.17 08:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.04.15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.11 19:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.03.21 07:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.07.11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006.11.28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: ca@dictionaries.addons.mozilla.org:2.2.0.1 FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.18 17:32:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 21:50:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 21:50:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.31 16:14:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.16 10:33:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.16 10:29:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.07 19:39:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.18 17:32:20 | 000,000,000 | ---D | M] [2011.02.17 23:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2011.02.17 23:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.16 10:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions [2010.11.07 22:46:15 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{00084897-021a-4361-8423-083407a033e0} [2010.04.28 07:55:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.07 22:57:32 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011.04.01 11:04:15 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.04.08 13:11:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.17 11:26:17 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2011.04.16 00:17:36 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66} [2010.12.12 11:32:33 | 000,000,000 | ---D | M] (Diccionari catalÃ* (general)) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\ca@dictionaries.addons.mozilla.org [2010.11.18 21:31:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.04.01 11:04:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\engine@conduit.com [2010.09.23 22:45:01 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\en-US@dictionaries.addons.mozilla.org [2010.10.09 10:31:43 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\es-es@dictionaries.addons.mozilla.org [2011.04.16 00:17:35 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\foxyproxy@eric.h.jung [2011.04.16 00:20:29 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5fuzxo5i.default\extensions\tineye@ideeinc.com [2011.01.31 08:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2010.05.22 23:06:00 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2010.05.22 23:20:25 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2010.05.22 23:20:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.22 23:20:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.05.22 23:20:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.07 22:47:45 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2010.05.22 23:20:25 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2009.06.09 22:22:08 | 000,001,196 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\5fuzxo5i.default\searchplugins\winamp-search.xml [2011.04.16 10:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.05.22 22:55:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [2010.12.31 16:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.16 22:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.06 20:47:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2010.12.31 16:14:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.04.06 20:46:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll [2011.02.15 13:49:44 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.10 00:04:13 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.09.08 17:22:58 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Mit PDF Converter 5.2 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Mit PDF Professional 5.2 öffnen - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (SsiEfr.exe) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.14 23:27:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.14 15:05:56 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 15:05:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 15:05:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.14 15:05:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 15:05:51 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 15:05:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 15:05:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 15:05:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.14 15:05:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 15:05:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.14 15:05:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.14 15:05:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.14 15:05:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.14 15:05:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.14 15:05:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.14 15:05:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.14 15:05:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.14 15:05:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 15:05:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.14 15:05:46 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 15:05:45 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 15:05:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 15:05:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 15:05:26 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 15:05:26 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.10 07:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic [2011.04.10 07:33:39 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx [2011.04.10 07:33:39 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx [2011.04.10 07:33:39 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll [2011.04.10 07:33:39 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx [2011.04.10 07:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.04.10 07:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic [2011.04.06 20:47:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.06 20:47:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.06 20:47:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.03 19:43:28 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2011.04.01 10:49:34 | 000,000,000 | ---D | C] -- C:\MEINHAUSPLANER [2011.04.01 10:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BAUSET [2011.04.01 10:49:33 | 000,118,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msadodc.ocx [2011.04.01 10:49:23 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll [2011.04.01 10:49:23 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbar332.dll [2011.04.01 10:49:23 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msxbse35.dll [2011.04.01 10:49:23 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mspdox35.dll [2011.04.01 10:49:23 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msexcl35.dll [2011.04.01 10:49:23 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddao35.dll [2011.04.01 10:49:23 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msltus35.dll [2011.04.01 10:49:23 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mstext35.dll [2011.04.01 10:49:22 | 001,276,088 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v10.1.ocx [2011.04.01 10:49:22 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet35.dll [2011.04.01 10:49:22 | 000,557,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002 [2011.04.01 10:49:22 | 000,460,984 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v10.1.ocx [2011.04.01 10:49:22 | 000,338,104 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v10.1.ocx [2011.04.01 10:49:22 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll [2011.04.01 10:49:22 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint35.dll [2011.04.01 10:49:22 | 000,030,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003 [2011.04.01 10:49:22 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter35.dll [2011.04.01 10:49:21 | 001,369,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\System32\FPSPR70.ocx [2011.04.01 10:49:21 | 000,598,016 | ---- | C] (Key Company) -- C:\Windows\System32\KeyTV3.ocx [2011.04.01 10:49:21 | 000,595,968 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\Resizer.dll [2011.04.01 10:49:21 | 000,482,816 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwf12n.dll [2011.04.01 10:49:21 | 000,220,160 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvid12n.ocx [2011.04.01 10:49:21 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL [2011.04.01 10:49:21 | 000,187,904 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizerPPG.ocx [2011.04.01 10:49:21 | 000,182,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvid12n.dll [2011.04.01 10:49:21 | 000,176,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltcap12n.ocx [2011.04.01 10:49:21 | 000,167,176 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\Windows\System32\ftps60.ocx [2011.04.01 10:49:21 | 000,160,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet12n.ocx [2011.04.01 10:49:21 | 000,139,264 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdxf12n.dll [2011.04.01 10:49:21 | 000,132,608 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControl.dll [2011.04.01 10:49:21 | 000,102,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmpg12n.dll [2011.04.01 10:49:21 | 000,089,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfjbg12n.dll [2011.04.01 10:49:21 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffpx12n.dll [2011.04.01 10:49:21 | 000,067,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwg12N.dll [2011.04.01 10:49:21 | 000,063,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfplt12n.dll [2011.04.01 10:49:21 | 000,062,464 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet12n.dll [2011.04.01 10:49:21 | 000,058,880 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfcgm12n.dll [2011.04.01 10:49:21 | 000,058,880 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControlPPG.ocx [2011.04.01 10:49:21 | 000,053,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltcap12n.dll [2011.04.01 10:49:21 | 000,049,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfwmf12n.dll [2011.04.01 10:49:21 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdgn12n.dll [2011.04.01 10:49:21 | 000,047,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXpm12n.dll [2011.04.01 10:49:21 | 000,046,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdrw12n.dll [2011.04.01 10:49:21 | 000,045,568 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXbm12n.dll [2011.04.01 10:49:21 | 000,038,912 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfflc12n.dll [2011.04.01 10:49:21 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFPNM12n.dll [2011.04.01 10:49:21 | 000,028,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfclp12n.dll [2011.04.01 10:49:21 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfiff12n.dll [2011.04.01 10:49:21 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfxwd12n.dll [2011.04.01 10:49:21 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfani12n.dll [2011.04.01 10:49:21 | 000,021,504 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfCUT12n.dll [2011.04.01 10:49:21 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg12n.dll [2011.04.01 10:49:21 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwfx12n.dll [2011.04.01 10:49:21 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd12n.dll [2011.04.01 10:49:21 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfitg12n.dll [2011.04.01 10:49:20 | 000,630,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTOCX12n.ocx [2011.04.01 10:49:20 | 000,544,768 | ---- | C] (VectorDraw) -- C:\Windows\System32\VectorDrawPropertiesList.ocx [2011.04.01 10:49:20 | 000,406,048 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll [2011.04.01 10:49:20 | 000,388,096 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTKRN12n.dll [2011.04.01 10:49:20 | 000,358,912 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP12n.DLL [2011.04.01 10:49:20 | 000,340,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDLG12n.ocx [2011.04.01 10:49:20 | 000,326,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvec12n.ocx [2011.04.01 10:49:20 | 000,307,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDLG12n.dll [2011.04.01 10:49:20 | 000,259,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS12n.dll [2011.04.01 10:49:20 | 000,215,552 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvkrn12n.dll [2011.04.01 10:49:20 | 000,208,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTEFX12n.dll [2011.04.01 10:49:20 | 000,181,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng12n.dll [2011.04.01 10:49:20 | 000,176,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst12n.ocx [2011.04.01 10:49:20 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTIMG12n.dll [2011.04.01 10:49:20 | 000,158,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvdlg12n.dll [2011.04.01 10:49:20 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlbinf32.dll [2011.04.01 10:49:20 | 000,141,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFTIF12n.DLL [2011.04.01 10:49:20 | 000,140,288 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb12n.ocx [2011.04.01 10:49:20 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTFIL12n.dll [2011.04.01 10:49:20 | 000,094,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltodb12n.ocx [2011.04.01 10:49:20 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFFAX12n.DLL [2011.04.01 10:49:20 | 000,060,416 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpct12n.dll [2011.04.01 10:49:20 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst12n.dll [2011.04.01 10:49:20 | 000,048,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfica12n.dll [2011.04.01 10:49:20 | 000,037,888 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps12n.dll [2011.04.01 10:49:20 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd12n.dll [2011.04.01 10:49:20 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTTWN12n.dll [2011.04.01 10:49:20 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal12n.dll [2011.04.01 10:49:20 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif12n.dll [2011.04.01 10:49:20 | 000,032,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb12n.dll [2011.04.01 10:49:20 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflmb12n.dll [2011.04.01 10:49:20 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp12n.dll [2011.04.01 10:49:20 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflma12n.dll [2011.04.01 10:49:20 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx12n.dll [2011.04.01 10:49:20 | 000,023,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfawd12n.dll [2011.04.01 10:49:20 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga12n.dll [2011.04.01 10:49:20 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg12n.dll [2011.04.01 10:49:20 | 000,019,456 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfras12n.dll [2011.04.01 10:49:20 | 000,019,456 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp12n.dll [2011.04.01 10:49:20 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmac12n.dll [2011.04.01 10:49:20 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfavi12n.dll [2011.04.01 10:49:19 | 006,402,048 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdxfiles.dll [2011.04.01 10:49:19 | 002,785,280 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdstd.ocx [2011.04.01 10:49:19 | 002,084,864 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdfopen.ocx [2011.04.01 10:49:19 | 000,962,560 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdrawdxf.dll [2011.04.01 10:49:19 | 000,848,376 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbl6.ocx [2011.04.01 10:49:19 | 000,667,648 | ---- | C] (VectorDraw) -- C:\Windows\System32\vddgn.dll [2011.04.01 10:49:19 | 000,446,464 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdimg.dll [2011.04.01 10:49:19 | 000,106,984 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\xarraydb.ocx [2011.04.01 10:49:19 | 000,073,728 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdXML.dll [2011.04.01 10:49:19 | 000,032,768 | ---- | C] (VectorDraw) -- C:\Windows\System32\vdfext.dll [2011.04.01 10:49:18 | 000,801,464 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx [2011.04.01 10:49:18 | 000,242,144 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\tdbgpp.dll [2011.04.01 10:49:17 | 000,000,000 | ---D | C] -- C:\Windows\Crystal [2011.04.01 10:49:16 | 000,851,420 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crystl32.ocx [2011.04.01 10:49:15 | 000,270,336 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sodbc.dll [2011.04.01 10:49:15 | 000,147,456 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p2smon.dll [2011.04.01 10:49:15 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sevt.dll [2011.04.01 10:49:15 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll [2011.04.01 10:49:15 | 000,061,440 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll [2011.04.01 10:49:15 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll [2011.04.01 10:49:15 | 000,036,864 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p3smnde.dll [2011.04.01 10:49:15 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sodde.dll [2011.04.01 10:49:15 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sevde.dll [2011.04.01 10:49:15 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3rdode.dll [2011.04.01 10:49:15 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3ddode.dll [2011.04.01 10:49:15 | 000,023,040 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bbnd.dll [2011.04.01 10:49:15 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3tdode.dll [2011.04.01 10:49:15 | 000,004,096 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3dbdde.dll [2011.04.01 10:49:14 | 005,337,088 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32.dll [2011.04.01 10:49:14 | 000,745,472 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32_res_de.dll [2011.04.01 10:49:14 | 000,618,496 | ---- | C] (Seagate Software) -- C:\Windows\System32\crpaig80.dll [2011.04.01 10:49:14 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcp50.dll [2011.04.01 10:49:14 | 000,544,768 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\exlate32.dll [2011.04.01 10:49:14 | 000,507,904 | ---- | C] (Seagate Software) -- C:\Windows\System32\crviewer.dll [2011.04.01 10:49:13 | 005,550,080 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\craxdrt.dll [2011.04.01 10:49:13 | 000,442,368 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cpeaut32.dll [2011.04.01 10:49:13 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDBRPTR.DLL [2011.04.01 10:49:13 | 000,262,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDatGrd.ocx [2011.04.01 10:49:13 | 000,147,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001 [2011.04.01 10:49:13 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMM32.OCX [2011.04.01 10:49:13 | 000,040,960 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cdo32.dll [2011.04.01 10:49:12 | 000,525,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBGrid32.ocx [2011.04.01 10:49:12 | 000,446,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000 [2011.04.01 10:49:12 | 000,200,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBList32.ocx [2011.04.01 10:49:12 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSBIND.DLL [2011.04.01 10:49:12 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FlxGdDE.dll [2011.04.01 10:49:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RchTxDE.dll [2011.04.01 10:49:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CmDlgDE.dll [2011.04.01 10:49:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBLstDE.dll [2011.04.01 10:49:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSComDE.dll [2011.04.01 10:49:11 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscmcde.dll [2011.04.01 10:49:11 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vb6de.dll [2011.04.01 10:49:11 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DE.dll [2011.04.01 10:49:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msstkprp.dll [2011.04.01 10:49:11 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vb5db.dll [2011.04.01 10:49:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscc2de.dll [2011.04.01 10:49:11 | 000,035,328 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\DBGrdDE.dll [2011.04.01 10:49:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msprpde.dll [2011.04.01 10:49:10 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx [2011.04.01 10:49:10 | 000,198,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mci32.ocx [2011.04.01 10:49:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC42LOC.DLL [2011.04.01 10:49:10 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctde.dll [2011.03.24 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\LogiShrd [2011.03.24 22:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011.03.23 10:45:30 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 10:45:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2008.08.30 21:27:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Stefan\AppData\Roaming\pcouffin.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.16 20:20:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.16 20:20:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.16 19:43:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2011.04.16 18:20:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.16 10:33:58 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.15 20:40:18 | 000,036,949 | ---- | M] () -- C:\Users\Stefan\Desktop\Eilanordnung 100a.pdf [2011.04.15 19:59:15 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.04.15 19:57:29 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.15 19:57:29 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.15 19:57:29 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.15 19:57:29 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.15 19:52:43 | 000,304,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.15 19:50:23 | 3217,260,544 | -HS- | M] () -- C:\hiberfil.sys [2011.04.14 23:37:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.10 07:33:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2011.04.09 10:33:04 | 000,054,272 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.06 20:46:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.06 20:46:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.06 20:46:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.06 20:46:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.03 15:26:19 | 000,007,808 | ---- | M] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat [2011.04.01 10:58:51 | 000,000,089 | ---- | M] () -- C:\Windows\System32\MSBII.dll [2011.03.24 22:22:24 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk [2011.03.17 21:23:28 | 014,916,761 | ---- | M] () -- C:\Users\Stefan\Desktop\Ratz_Fatz-Spielanleitung.pdf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.16 10:33:58 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.16 10:33:55 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.15 20:40:17 | 000,036,949 | ---- | C] () -- C:\Users\Stefan\Desktop\Eilanordnung 100a.pdf [2011.04.10 07:34:45 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job [2011.04.10 07:33:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2011.04.10 07:33:39 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011.04.01 10:58:51 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll [2011.04.01 10:49:21 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2011.04.01 10:49:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NumX.ocx [2011.04.01 10:49:21 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2011.04.01 10:49:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll [2011.04.01 10:49:13 | 000,005,807 | ---- | C] () -- C:\Windows\System32\MSCALDEU.TLB [2011.04.01 10:49:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2011.04.01 10:49:10 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll [2011.03.30 10:13:59 | 3217,260,544 | -HS- | C] () -- C:\hiberfil.sys [2011.03.24 22:22:24 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk [2011.03.17 21:23:27 | 014,916,761 | ---- | C] () -- C:\Users\Stefan\Desktop\Ratz_Fatz-Spielanleitung.pdf [2011.02.28 11:53:47 | 005,782,527 | ---- | C] () -- C:\Program Files\tfbl.db4 [2011.02.28 11:53:40 | 000,602,780 | ---- | C] () -- C:\Program Files\tfwl.db5 [2011.02.28 11:53:39 | 000,069,191 | ---- | C] () -- C:\Program Files\Statistics.xml [2011.02.28 11:53:39 | 000,004,339 | ---- | C] () -- C:\Program Files\Blogs.htm [2011.01.12 22:42:54 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2010.07.10 09:51:52 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe [2010.07.10 09:51:52 | 000,004,153 | ---- | C] () -- C:\Windows\unins000.dat [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.06.19 21:17:55 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2010.05.20 23:25:47 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.03.21 13:10:40 | 000,000,008 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\jasltw.dat [2010.03.21 13:10:37 | 000,000,004 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\avdrn.dat [2009.12.12 01:23:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.12 01:21:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.06.02 23:27:54 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.04.30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.11.29 11:01:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2008.11.29 11:01:32 | 002,283,027 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008.11.29 11:01:32 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.11.29 11:01:32 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.11.29 11:01:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.09.05 23:05:54 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat [2008.09.05 23:01:04 | 000,000,243 | ---- | C] () -- C:\Windows\BUHL.INI [2008.08.30 21:28:04 | 000,000,668 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\vso_ts_preview.xml [2008.08.30 21:27:08 | 000,087,608 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\inst.exe [2008.08.30 21:27:08 | 000,007,887 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\pcouffin.cat [2008.08.30 21:27:08 | 000,001,144 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\pcouffin.inf [2008.08.16 22:20:38 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe [2008.08.16 22:07:33 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.08.08 10:04:00 | 000,000,594 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat [2008.08.06 09:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.31 22:00:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.07.31 20:27:51 | 000,007,808 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat [2008.07.31 19:52:48 | 000,054,272 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.06 13:31:25 | 000,056,734 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.07.06 13:30:56 | 000,056,734 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.06 13:03:45 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.06.17 07:28:46 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.06.17 07:28:46 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.06.17 07:28:46 | 000,146,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.06.17 07:28:46 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.06.16 23:03:27 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008.06.16 21:39:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,304,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
|
16.04.2011, 20:28
| #5 |
| /// Malware-holic | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten na sicher werten wir deine logs aus, aber deswegen kann man ja trotzdem erst mal mit ner richtigen beschreibung anfangen, damit wir genau das problem kennen. download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.04.2011, 18:06
| #6 |
| | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten ich habe alles gemacht, hier ist das logfile, es gab eine infizierte Datei: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6400 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 20.04.2011 18:50:59 mbam-log-2011-04-20 (18-50-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 395236 Laufzeit: 1 Stunde(n), 43 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Stefan\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. |
|
20.04.2011, 18:20
| #7 |
| /// Malware-holic | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.04.2011, 21:10
| #8 |
| | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten Combofix Logfile: Code:
ATTFilter ComboFix 11-04-20.01 - Stefan 20.04.2011 20:47:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1359 [GMT 2:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stefan\AppData\Roaming\FFSJ
c:\users\Stefan\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Stefan\AppData\Roaming\inst.exe
c:\users\Stefan\AppData\Roaming\Local
c:\users\Stefan\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Stefan\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Stefan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Stefan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\windows\system32\lfjbg12n.dll
c:\windows\system32\MSBII.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-20 bis 2011-04-20 ))))))))))))))))))))))))))))))
.
.
2011-04-20 19:12 . 2011-04-20 19:12 -------- d-----w- c:\users\Neu\AppData\Local\temp
2011-04-20 19:12 . 2011-04-20 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 11:51 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB3EB6F4-A21C-4105-9C46-E069A5BC0789}\mpengine.dll
2011-04-16 19:31 . 2011-04-16 19:31 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes
2011-04-16 19:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 19:31 . 2011-04-16 19:31 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 19:31 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 19:31 . 2011-04-16 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 17:43 . 2011-04-17 22:53 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-24 20:46 . 2011-03-24 20:46 -------- d-----w- c:\users\Stefan\AppData\Local\LogiShrd
2011-03-23 08:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 08:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:45 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 18:46 . 2010-08-30 20:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-17 09:41 . 2009-03-24 05:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-07 22:18 . 2011-02-07 22:18 179252 ----a-w- c:\windows\system32\PGPlspRollback.reg
2011-02-07 19:06 . 2011-02-07 19:01 237056 ----a-w- c:\windows\system32\libssl32.dll
2011-02-02 16:11 . 2009-10-03 11:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:56 . 2011-04-16 08:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-12 20:42 1056888 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-10 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-31 274608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 12:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder]
2008-11-03 09:02 54560 ----a-w- c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-12-23 00:26 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-12-23 00:28 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2011-01-12 136824]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2011-01-12 13432]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-12-23 144672]
S2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [2011-01-12 166520]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-20 327800]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{6E6A1201-4CCC-43B4-8E45-1EE8CBAA1274}.job
- c:\windows\system32\msfeedssync.exe [2011-04-19 21:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://alice.aol.de
mStart Page = hxxp://alice.aol.de
IE: &Alles mit FlashGet laden - c:\program files\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files\FlashGet\jc_link.htm
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit PDF Converter 5.2 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: Mit PDF Professional 5.2 öffnen - c:\program files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
LSP: c:\windows\system32\PGPlsp.dll
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\5fuzxo5i.default\
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-20 21:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(700)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\dssenh.dll
.
- - - - - - - > 'Explorer.exe'(3216)
c:\program files\ThreatFire\TfWah.dll
c:\windows\System32\PGPfsshl.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\msutb.dll
c:\windows\System32\msxml3.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\System32\ntlanman.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\PGPserv.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-20 21:32:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-20 19:32
.
Vor Suchlauf: 18 Verzeichnis(se), 93.865.857.024 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 92.545.044.480 Bytes frei
.
- - End Of File - - 182838E858F592B83456A06F5D1419EB
|
|
21.04.2011, 10:23
| #9 |
| /// Malware-holic | Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Firefox hängt, Fehlermeldung bei beenden mit Taskmanager, Eingabe erwartet, Bittte logfile auswerten |
| 32-bit, 7-zip, auswerten, avira, desktop, error, excel, firefox, flash player, frage, hijack, home, hängt, install.exe, jdownloader, location, logfile, microsoft office word, mozilla, mozilla thunderbird, mp3, office 2007, oldtimer, plug-in, realtek, registry, registry cleaner, saver, scan, secunia psi, security, security update, server, shell32.dll, skype.exe, software, svchost.exe, taskmanager, usb, vista, wma |
Linear-Darstellung
