Trojaner-Board

TR/Spy.Web.H and Windows virus w32/Indus.A (https://www.trojaner-board.de/103728-tr-spy-web-h-windows-virus-w32-indus-a.html)

julianes 28.09.2011 13:55

TR/Spy.Web.H and Windows virus w32/Indus.A
 
Good day,

I believe I have exactly the same problem as 'Bitterschoki', which can be found here under the title:
"TR/Spy.Web.H and Windows virus w32/Indus.A, black screen, apparently all files gone"
It was answered yesterday by 'kira'.
I have questions about the solution described in that thread.
I would like to ask you for help; unfortunately I know nothing at all about PCs and am afraid of making everything even worse.

Avira found "TR/Spy.Web.H" on my machine on 28.9. at 12:50 and says that it is in quarantine. The detection refers to "C:\Users\July\AppData\Roaming\Microsoft\Protect\espa.kk".
I have also just discovered that another file has been in quarantine since 9.7.2010, which according to Avira contains the code of the Windows virus W32/Induc.A. The source given here is "D:\download\qip8094.exe".

Since today's alert my laptop has had the same symptoms as in the thread mentioned above.
I also opened an email like that from "eilservice@deutschepost.de", but that was about 2 to 3 weeks ago.
My laptop worked normally until 12:50 today. At least it seemed so.

I now wanted to try the system restore, as described in the answer in the thread.
Here are my questions about it:

1. Which date should I choose for the system restore? The computer was still working until today, but it may have been infected for a few weeks already?

2. Could you please also take a look at my machine with the OTL system scan and CCleaner, as in the thread, if that makes sense?

4. I keep getting (also since today) a message from Microsoft Windows (a small window opens with): "Catalyst Control Centre: Host application funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist" with a button "Programm schließen".
What should be done here?

Many thanks in advance!
Kind regards,
Juliane

kira 29.09.2011 07:21

Hello and a warm welcome! :)

Before we begin working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these (e.g. your real name, serial numbers in programs, etc.) from the logs or log files you use, or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

Quote:

Quote from julianes (post 705346)
1. Which date should I choose for the system restore? The computer was still working until today, but it may have been infected for a few weeks already?

The oldest one that is offered
I have two suggestions:

1.
If you believe you know the point in time when your system still worked properly, System Restore is worth a try!:

- There is a "relatively simple way" when the infection is fresh, and sometimes certain problems can be solved this way too, so it should be tried right away. It gives you the option of undoing system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:

-> System Restore
► Please select the oldest available date for restoring Windows at which your computer still worked properly!
  • You must log on as administrator or as a user with administrator rights.
  • System Restore can be opened under Windows Vista/XP/7 as follows:
  • Start → All Programs → Accessories → System Tools → System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do it in safe mode - (be sure to click the link & read it!)
System Restore is only a "stopgap"; it never removes the problem 100%, since the time at which the Trojan got in can no longer be determined. But it can be used to improve the functioning of a computer system.
(You can still undo it back to the present state if it does not deliver the desired result)

Also report back to me whether the system restore worked, i.e. whether you were able to roll the system back to an earlier restore point.

2.
Quote:

If System Restore does not work (malware can prevent it):
- You can also try the following methods to fix the problem: -> Using Last Known Good Configuration
3.
System scan with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.

    http://image.hijackthis.eu/upload/otl_screen_neu.jpg
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → if necessary, set "german" under Options settings
then click "Tools" (so that the installed programs are displayed as well) → then "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. hjtscanlist or the like
→ after it - i.e. at the end of the log file: [/code]

** If possible do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
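
Added example, not part of the original thread and not OTL's or the helper's own logic: a Python sketch of a first-pass triage over the OTL.txt requested in step 3 above. The sample lines are constructed in OTL's line layout, and the heuristics and reason names are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Constructed sample lines in the layout OTL writes to OTL.txt (not from a real scan).
SAMPLE_LOG = r"""
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (Example Vendor) -- C:\ProgramData\aB3dExample.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\User\AppData\Roaming\Example\helper.exe -- (ExampleHelper)
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [example] rundll32 C:\Users\User\AppData\Roaming\MICROS~1\Protect\example.kk, entry File not found
"""

# PRC/MOD/SRV/DRV rows: [date time | size | attributes | M] (company) [state] -- path -- (service)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| \w\] "
    r"\((?P<company>.*?)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?$"
)
# O4 rows: autostart values under the Run keys.
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>.*?)\] (?P<command>.*)$")

# Heuristics (assumptions of this example): locations a standard user can write to.
USER_WRITABLE = re.compile(r"^[A-Z]:\\(?:ProgramData|Users)\\", re.IGNORECASE)
PROGRAMDATA_ROOT_EXE = re.compile(r"^[A-Z]:\\ProgramData\\[^\\]+\.exe$", re.IGNORECASE)
RUNDLL_TARGET = re.compile(r"^rundll32(?:\.exe)?\s+(?P<target>[^,]+)", re.IGNORECASE)
LOADABLE_EXTENSIONS = {"dll", "cpl", "ocx"}


class Finding(NamedTuple):
    subject: str    # file path, or "<hive>\Run [<value name>]"
    reasons: tuple  # reason codes, in the order the checks ran


def check_file_entry(match) -> tuple:
    """Flag process, module, service and driver images in user-writable places."""
    path, attrs, company = match["path"], match["attrs"], match["company"].strip()
    reasons = []
    if PROGRAMDATA_ROOT_EXE.match(path):
        reasons.append("programdata-root-exe")
    if USER_WRITABLE.match(path):
        if "H" in attrs:
            reasons.append("hidden-user-writable")
        if not company:
            reasons.append("no-company-user-writable")
    return tuple(reasons)


def check_run_entry(match) -> tuple:
    """Flag Run values that hand rundll32 a non-library file or point at nothing."""
    command = match["command"].strip()
    reasons = []
    target = RUNDLL_TARGET.match(command)
    if target:
        name = target["target"].strip().rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in LOADABLE_EXTENSIONS:
            reasons.append("rundll32-non-dll")
    if command.lower().endswith("file not found"):
        reasons.append("target-missing")
    return tuple(reasons)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        file_match = FILE_ENTRY.match(line)
        run_match = RUN_ENTRY.match(line)
        if file_match:
            subject, reasons = file_match["path"], check_file_entry(file_match)
        elif run_match:
            subject = f"{run_match['hive']}\\Run [{run_match['name']}]"
            reasons = check_run_entry(run_match)
        else:
            continue
        if reasons:
            findings.append(Finding(subject, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.subject}: {', '.join(finding.reasons)}")
```

A flag marks a line for closer inspection; installed software that lives under a user profile can trip the same rules.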

julianes 29.09.2011 17:01

Hello kira,

many thanks for the quick reply!

The system restore did not work; I then tried it again with the next-oldest date (again 27.9.), which did not work either. It says that the "system restore was not successful" and that system files and settings were not changed. And that the restore point was damaged or deleted during the restore.

Now there are again 5 restore points to choose from, 3 for 28.9. and 2 for 29.9. -- these are the two system restores that were carried out.

Under point 2 ("should the system restore not work.."), what is meant by "Using Last Known Good Configuration", please? When I click on it, a window opens with the Trojaner-Board forum rules.

Should I now continue with point 3?

Please help.
Many thanks and best regards,
Juliane

kira 30.09.2011 04:26

Quote:

Quote from julianes (post 705618)
Under point 2 ("should the system restore not work.."), what is meant by "Using Last Known Good Configuration", please? When I click on it, a window opens with the Trojaner-Board forum rules.

do you mean here?: -> http://windows.microsoft.com/de-AT/w...-Configuration

julianes 30.09.2011 06:12

Exactly. Thanks, I will try that.

julianes 30.09.2011 15:02

Hello,

"Using Last Known Good Configuration" brought no change.

Here is the OTL.Txt file:


OTL Logfile:
Code:

OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---



Here is the Extras file:

OTL Logfile:
Code:

OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

--- --- ---

Here is the CC-Cleaner file:

Code:

7-Zip 4.65                06.02.2009        3,13MB       
ACUBE UniSSOTray V1.0                13.09.2011        0,74MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        13.09.2011                10.3.183.7
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        24.07.2011                10.3.181.34
Adobe Reader 8.3.1        Adobe Systems Incorporated        20.09.2011        87,2MB        8.3.1
Ask Toolbar        Ask.com        13.06.2011        2,30MB        1.12.2.0
Atheros Client Installation Program        Atheros        21.09.2008        10,0MB        7.0
ATI Catalyst Install Manager        ATI Technologies, Inc.        18.09.2008        13,7MB        3.0.682.0
Audiograbber 1.83 SE        Audiograbber Deutschland        07.02.2009                1.83 SE
Avira AntiVir Personal - Free Antivirus        Avira GmbH        09.08.2011        118,6MB        10.2.0.700
Bluetooth Stack for Windows by Toshiba        TOSHIBA CORPORATION        18.09.2008        57,6MB        v6.00.11
BurnRecovery        MSI        18.09.2008        26,5MB        1.0.0.00610
CCleaner        Piriform        29.09.2011        4,07MB        3.11
Cisco EAP-FAST Module        Cisco Systems, Inc.        21.09.2008        1,04MB        2.1.6
Cisco LEAP Module        Cisco Systems, Inc.        21.09.2008        1,04MB        1.0.12
Cisco PEAP Module        Cisco Systems, Inc.        21.09.2008        0,85MB        1.0.13
Citavi 2.5        Academic Software Zurich        30.10.2010        59,3MB        2.5.2.0
CrazyTalk Cam Suite        Reallusion        05.02.2009        40,8MB        2.0
CyberGhost VPN        CyberGhost S.R.L.        20.09.2011        59,7MB       
DivX Player        DivX, Inc.        28.02.2010        8,43MB        7.2.0
DivX Web Player        DivX,Inc.        28.02.2010        2,83MB        1.5.0
Dolby Control Center        Dolby        18.09.2008        75,5MB        1.1.0601
Dropbox                27.10.2010        24,0MB        0.7.110
eText typeSmart                02.03.2009        10,4MB       
Exact Audio Copy 1.0beta2        Andre Wiethoff        18.08.2011        15,4MB        1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)        MAGIX AG        06.02.2009        6,29MB        2.0.0.1
GMX Internet Explorer Addon        1&1 Mail & Media GmbH        11.05.2011        0,50MB        1.0.1.0
GMX Softwareaktualisierung        1&1 Mail & Media GmbH        02.08.2011        1,44MB        2.0.1.9
GMX Toolbar für Internet Explorer        1&1 Mail & Media GmbH        06.09.2011        2,30MB        1.6.6.1
GMX Toolbar für Mozilla Firefox        1&1 Mail & Media GmbH        30.05.2011        2,30MB        1.5.5.0
ICQ 7.5 Build #5242 Banner Remover 1.1        murb.com        20.05.2011        1,55MB       
ICQ Toolbar        ICQ        20.05.2011                3.0.0
ICQ Update Patch 1.7        murb.com        12.10.2010        0,81MB       
ICQ7.5        ICQ        20.05.2011        33,4MB        7.5
Install MAGIX Goya Base 1.0.2.0 (UK)        MAGIX AG        06.02.2009        943MB        1.0.2.0
Intel(R) PROSet/Wireless WiFi Software        Intel(R) Corporation        21.09.2008        78,3MB        12.00.0004
Intel® Matrix Storage Manager        Intel Corporation        06.02.2009        9,74MB       
IrfanView (remove only)                17.02.2009        10,3MB       
JAP        JAP-Team        15.09.2011        11,8MB        00.15.001
Java(TM) 6 Update 26        Oracle        27.07.2011        94,9MB        6.0.260
Java(TM) 6 Update 7        Sun Microsystems, Inc.        06.02.2009        138,0MB        1.6.0.70
Last.fm 1.5.4.27091        Last.fm        28.10.2010        18,4MB       
Live Update 5        MSI        24.07.2011        16,9MB        5.0.064
MAGIX Foto Manager 2006 3.4.0.450 (D)        MAGIX AG        06.02.2009        79,1MB        3.4.0.450
MAGIX Goya Base 1.3.1.2 (D)        MAGIX AG        06.02.2009        170,3MB        1.3.1.2
MAGIX Music Manager 2006 7.4.0.438 (D)        MAGIX AG        06.02.2009        86,5MB        7.4.0.438
MAGIX Online Druck Service 2.3.2.0 (D)        MAGIX AG        06.02.2009        9,30MB        2.3.2.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        24.02.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        16.02.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        120,3MB        4.0.30319
Microsoft Office Enterprise 2007        Microsoft Corporation        15.07.2010        639MB        12.0.6425.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        14.09.2011        7,92MB        14.0.5130.5003
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        30.10.2010        1,41MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        13.07.2010        1,46MB        9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        08.05.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,58MB        9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 de)        Mozilla        07.09.2011        34,4MB        6.0.2
MSI Software Install        MSI        18.09.2008        2,07MB        1.0.8.0630
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        06.02.2009        34,00KB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        06.02.2009        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
Nero 9 Lite        Nero AG        30.04.2010        9,48MB       
OpenOffice.org 3.0        OpenOffice.org        06.02.2009        348MB        3.0.9379
OpenVPN 2.1_rc21                01.11.2010        3,91MB        2.1_rc21
Oxford Advanced Genie                13.02.2009        245MB       
Protector Suite QL 5.8        UPEK Inc.        18.09.2008        71,2MB        5.8.2.4489
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        18.09.2008        1,62MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        18.09.2008        26,0MB        6.0.1.5636
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        18.09.2008        4,00MB       
Samsung Kies        Samsung Electronics Co., Ltd.        24.07.2011        176,9MB        2.0.1.11053_99
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        24.07.2011        37,1MB        1.3.2410.0
SearchAnonymizer                12.10.2010        0,21MB        1.0.1 (de)
Skype Toolbars        Skype Technologies S.A.        21.05.2011        5,72MB        5.3.7280
Skype™ 5.3        Skype Technologies S.A.        21.05.2011        22,6MB        5.3.111
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        26.10.2010        32,5MB        8.0.0
System Control Manager                18.09.2008        4,17MB        2.0208.0826.001.05
System Requirements Lab for Intel        Husdawg, LLC        08.01.2011        0,87MB        4.3.16.0
TeamViewer 4        TeamViewer GmbH        06.02.2009        4,76MB       
TerraTec Home Cinema                13.03.2011        74,6MB        6.20.4
TippKönigin 5.5        Giletech e.K.        19.08.2010        5,24MB       
Ulead Burn.Now 4.5 SE        InterVideo Digital Technology Corporation        05.02.2009        55,3MB        4.5.0
VLC media player 0.9.8a        VideoLAN Team        06.02.2009        60,6MB        0.9.8a
ZoneAlarm        Check Point, Inc        06.02.2009        10,6MB        7.1.254.000

Thank you very much!

Best regards,
Juliane

kira 01.10.2011 06:49

1.
Uninstall via `Start → Control Panel → Change/Remove...`
Code:

Ask Toolbar - Adware -Toolbar
These are part of the default installation of many freeware programs, and sometimes even of paid programs. Therefore:
Always choose the custom installation, not the default installation, because otherwise things are often installed along with it that you don't need or don't want.
During installation, always read the license terms and don't immediately tick every box, because by doing so you agree that adware (advertising pop-ups) from affiliate programs, sponsors, etc. is installed as well, since that is how freeware finances itself.

Several others belong in this category too, e.g.: -> Uninstall unwanted toolbars

2.
Do you really need these? If not, uninstall:
Quote:

GMX Internet Explorer Addon 1&1 Mail & Media GmbH 11.05.2011 0,50MB 1.0.1.0
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,44MB 2.0.1.9
GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 06.09.2011 2,30MB 1.6.6.1
GMX Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 30.05.2011 2,30MB 1.5.5.0
Quote:

Download (to install a program) and updates exclusively from the manufacturer!!
3.
Because of old security vulnerabilities, Java is very vulnerable; first uninstall:
→ Control Panel → Software → uninstall...
Quote:

Java(TM) 6 Update 7
4.
Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events
select every detection → right-click the detections → Export event(s)
and save it as Ereignisse.txt on the desktop and post the contents here.

5.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry, please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files here in the thread in code tags.

Quote:

► Report back to me on all the steps you have carried out!

julianes 02.10.2011 16:28

Hello,

thanks for the reply!

I have carried out all the steps.

I have just received two new virus alerts from Avira:
"In der Datei C:\ProgramData\ulHokJiHsVWWMqk.exe wurde ein Virus oder unerwünschtes Programm TR/FakeAV.kcn gefunden"
and
"...in ...C:\ProgramData\6DSS92c31Apgjk.exe .... wurde TR/Sisproc.A.1384"
They are now in quarantine.

Here is the file with the Avira detections:
Code:

Exportierte Ereignisse:

02.10.2011 17:28 [Scanner] Suchlauf
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        565
      Anzahl Verzeichnisse:        0
      Anzahl Malware:        3
      Anzahl Warnungen:        2

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Scanner] Malware gefunden
      Die Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122'
      [trojan].
      Durchgeführte Aktion(en):
      Der Registrierungseintrag
      <HKEY_USERS\S-1-5-21-676453965-3675783069-989077462-1000\Software\Microsoft\Wind
      ows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4af221fc.qua'
      verschoben!

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:17 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:16 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:16 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:07 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Here is the OTL.txt file:
OTL Logfile:
Code:

OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL Extras file:
OTL Logfile:
Code:

OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

--- --- ---



Many thanks for the help!

kira 03.10.2011 15:34

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".
Right-click the selected application (right mouse button) and choose "Run as administrator"!

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe

:Reg
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" =-
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" =-

:Commands
[purity]
[emptytemp]


2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update).
  • Select "Perform full scan" (tick every box).
  • When the scan has finished, click "Show Results".
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Delete" / "Remove Selected".
  • Post the result here in the thread; you will find the report under "Scan reports".
An illustrated guide is available here: guide at virus-protect.org

3.
Runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info at wikipedia.org), we will use a tool, Gmer:
  • Download Gmer and unpack it to your desktop.
  • Start gmer.exe.
  • Close all programs; in addition, antivirus and other protection programs etc. must be deactivated, with no connection to the Internet (also disconnect WLAN).
  • Please do nothing on the PC while the scan is running!
  • Click "Scan" to start the tool.
  • When the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right away with CTRL + V.
  • "Ok" closes Gmer.
  • Paste the complete log from the clipboard here into your thread.

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

4.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), enter the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    To paste in the command prompt: right-click in the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy its contents here into your thread.

5.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

julianes 04.10.2011 16:29

Hello,

here are the results:

1. Fix with OTL

Code:

========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.gmx.de/" removed from browser.startup.homepage
Folder C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com\ not found.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
File C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
Starting removal of ActiveX control {08631890-6059-4255-B37F-F23AD334D122}
C:\Windows\Downloaded Program Files\ACUBEActiveXUninstallControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Starting removal of ActiveX control {1CCA7AD8-4FF3-4449-B994-FD5CD326444C}
C:\Windows\Downloaded Program Files\NMPCertX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Starting removal of ActiveX control {3D64E58D-CB55-4344-B809-CFE38F900838}
C:\Windows\Downloaded Program Files\MagicLoaderX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Starting removal of ActiveX control {5441F297-BB6C-4D6C-9E05-4FD14D96B605}
C:\Windows\Downloaded Program Files\IE8Tools.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Starting removal of ActiveX control {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}
C:\Windows\Downloaded Program Files\UniSSOCheck.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Starting removal of ActiveX control {AD6870C0-44B7-42FB-A119-C2C6BD9CD005}
C:\Windows\Downloaded Program Files\MagicPassX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bfba81-5345-11de-90e2-002185560a86}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
C:\Users\July\AppData\Roaming\EurekaLog folder moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
File C:\Users\July\Desktop\Data Repair.lnk not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
========== REGISTRY ==========
Registry key Invalid\\"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" \ not found.
Registry key Invalid\\"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" \ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: July
->Temp folder emptied: 139569761 bytes
->Temporary Internet Files folder emptied: 144793459 bytes
->Java cache emptied: 775379 bytes
->FireFox cache emptied: 59271239 bytes
->Flash cache emptied: 12691 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1189 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 61377315 bytes
RecycleBin emptied: 93200842 bytes
 
Total Files Cleaned = 476,00 mb
 
 
OTL by OldTimer - Version 3.2.29.1 log created on 10042011_171513

Files\Folders moved on Reboot...
File\Folder C:\Users\July\AppData\Local\Temp\~DF4E5A.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF54DB.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF55D3.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F46.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F6F.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF6AC4.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF87D5.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DFC6AF.tmp not found!
C:\Windows\temp\ZLT0695a.TMP moved successfully.
C:\Windows\temp\ZLT0695d.TMP moved successfully.

Registry entries deleted on Reboot...
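
To read a fix log like the one above by outcome rather than line by line, the following added example (not part of the original posts and not OTL's own code) classifies each result line and reports what happened to the Run-key autostart entries. The sample lines are copied from the log above; the function names and the outcome labels ("removed", "absent", "reset") are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied verbatim from the OTL fix log posted above.
SAMPLE_LOG = r"""
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Users\July\Desktop\Data Repair.lnk not found.
"""

# (pattern, kind, outcome). Order matters: the specific "folder moved" rule
# has to be tried before the generic "moved" rule.
RULES = [
    (re.compile(r"^Registry (?:value|key) (?P<t>.+?) deleted successfully\.$"),
     "registry", "removed"),
    (re.compile(r"^Registry (?:value|key) (?P<t>.+?) not found\.$"),
     "registry", "absent"),
    (re.compile(r"^(?:File|Folder) (?P<t>.+?) not found\.$"),
     "file", "absent"),
    (re.compile(r"^(?P<t>.+?) folder moved successfully\.$"),
     "file", "removed"),
    (re.compile(r"^(?P<t>.+?) moved successfully\.$"),
     "file", "removed"),
    (re.compile(r"^(?P<t>.+?)\| /E : value set successfully!$"),
     "registry", "reset"),
    (re.compile(r"^No active process named (?P<t>.+?) was found!$"),
     "process", "absent"),
]

# A Run/RunOnce value as the log writes it: ...\CurrentVersion\Run\\<name>
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\\\(?P<name>.+)$")


def parse_fix_log(text):
    """Return (kind, outcome, target) for every recognised log line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, kind, outcome in RULES:
            match = pattern.match(line)
            if match:
                entries.append((kind, outcome, match.group("t")))
                break  # first matching rule wins
    return entries


def summarize(entries):
    """Count entries per (kind, outcome) pair."""
    return Counter((kind, outcome) for kind, outcome, _ in entries)


def autostart_outcomes(entries):
    """Map each Run/RunOnce value name in the log to its outcome."""
    result = {}
    for kind, outcome, target in entries:
        match = AUTOSTART.search(target)
        if kind == "registry" and match:
            result[match.group("name")] = outcome
    return result


def absent_files(entries):
    """Files the fix targeted that were not at the given path at fix time."""
    return [t for kind, outcome, t in entries
            if kind == "file" and outcome == "absent"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{kind:9s} {outcome:8s} {count}")
    print("autostart:", autostart_outcomes(parsed))
    print("absent files:", absent_files(parsed))
```

An "absent" outcome only records that nothing was found at that path or key when the fix ran; it does not say what removed the item, so that has to be confirmed separately.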


julianes 07.10.2011 10:45

2. Malwarebytes:

No infected objects were found.
Report:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7891

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.10.2011 11:16:10
mbam-log-2011-10-07 (11-16-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 312399
Laufzeit: 2 Stunde(n), 11 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


kira 08.10.2011 06:26

further steps are missing...

julianes 08.10.2011 17:17

Sorry, I had connection and time problems.

Step 3 seemed to work: at the end there was the window where I could have pressed 'copy', but at that point the PC froze and nothing worked any more; even after waiting a long time nothing happened, so I restarted (unfortunately without taking a photo).

Unfortunately step 4 does not work:
I downloaded mbr.exe several times, supposedly successfully. But every time I click on it, a black window with text in it appears very briefly, closes again after less than a second, and then cannot be found any more.

5. Scan with OTL:

Text file:
OTL Logfile:
Code:

OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Extras file:
OTL Logfile:
Code:

OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

--- --- ---


Thank you!!

julianes 09.10.2011 02:49

Hello,

I have just booted my laptop and now, all of a sudden, the whole desktop - the background is still black - is full of Word documents, which I can also open. The icons for Outlook, Firefox, ICQ, the 'My Documents' folder and a few more are back on the desktop as well.
However, I did not have the Word documents on the desktop before.

Best regards,
Juliane

kira 10.10.2011 05:48

1.
Quote:

If the following symptoms occur:
folders are empty, programs are missing from the Start menu, etc., this tool offers you the solution:

  • Download Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) and save it to your desktop
    for Windows 7 and Vista, right-click and run as administrator
  • Double-click the Unhide.exe icon on the desktop - everything takes its time, so have a little patience
<Attention!>: If there are files etc. that you had hidden on purpose, i.e. set to hidden under Properties, you have to hide them again after the tool has run.

Quote:

Is everything visible again? Please check and report the exact state to me!
2.
TDSSKiller from Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe lies directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program
  • Start TDSSKiller.exe by double-clicking it.
  • After it has finished its work, the tool suggests restarting the system.
    Confirm this with Y(es) if necessary.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
Here you will find more detailed instructions.

3.
Delete old log files!
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.


All times are WET +1. The time is now 00:30.
