Trojaner-Board - zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten

Malware-Ausgabe:
[code]
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.31.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
[...]:: HOME [Administrator]

31.01.2012 14:12:59
mbam-log-2012-01-31 (14-12-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 608208
Laufzeit: 8 Stunde(n), 5 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

[\code]

OTL-Ausgabe:
OTL Logfile:

Code:

OTL logfile created on: 31.01.2012 22:45:59 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\[...]\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 29,34% Memory free

4,22 Gb Paging File | 2,15 Gb Available in Paging File | 50,90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223,38 Gb Total Space | 47,79 Gb Free Space | 21,39% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS

Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

 

Computer Name: HOME | User Name: [...]| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.31 19:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[...]\Downloads\OTL.exe

PRC - [2012.01.25 11:37:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2009.08.05 12:46:55 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.06.13 18:51:05 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

PRC - [2008.04.19 12:42:33 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:23 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe

PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

PRC - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2007.03.29 12:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007.03.29 12:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2007.01.04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe

PRC - [2005.08.11 20:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB71\bin\win32\MATLAB.exe

PRC - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.25 11:37:57 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2011.11.25 10:48:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.08.24 13:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

MOD - [2007.03.29 12:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007.03.29 11:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll

MOD - [2007.01.17 09:08:34 | 000,009,336 | ---- | M] () -- C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2009.08.05 12:46:55 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.06.13 18:51:05 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.06.05 03:13:20 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2008.04.19 12:42:33 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007.06.08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2007.01.13 16:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)

SRV - [2007.01.12 12:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2007.01.04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)

SRV - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.21 14:05:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2009.12.07 19:15:39 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.08.03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)

DRV - [2009.08.03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009.08.03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009.08.03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009.08.03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009.08.03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2009.06.13 18:51:05 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.06.13 18:51:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.01.06 11:33:58 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008.06.13 09:00:00 | 000,856,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2008.06.13 09:00:00 | 000,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVENG.SYS -- (NAVENG)

DRV - [2008.04.17 10:54:54 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2008.04.17 10:54:54 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2008.04.04 16:47:34 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080617.001\IDSvix86.sys -- (IDSvix86)

DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007.11.30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2007.11.30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2007.11.30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007.09.14 16:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.06.08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007.05.24 15:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2007.04.16 02:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007.04.14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2006.11.30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006.06.28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.order.1: "GMX Suche"

FF - prefs.js..browser.search.order.2: "1und1 Suche"

FF - prefs.js..browser.search.order.3: "amazon.de"

FF - prefs.js..browser.search.order.4: "WEB.DE Suche"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="

FF - prefs.js..network.proxy.autoconfig_url: "hxxp://autoproxy.aub.edu.lb/autoproxy.pac"

FF - prefs.js..network.proxy.type: 2

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.21 13:58:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 11:38:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.17 13:09:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015 [2011.04.10 20:41:20 | 000,000,000 | ---D | M]

 

[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions

[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2012.01.25 15:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions

[2011.01.23 13:58:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.02.06 13:42:16 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2011.07.23 19:32:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.02.22 13:35:28 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\toolbar@ask.com

[2011.05.29 10:51:30 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zotero@chnm.gmu.edu

[2011.05.29 10:54:53 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zoteroWinWordIntegration@zotero.org

[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\[...]\AppData\Roaming\Mozilla\Firefox\Profiles\ostw0k4k.default\searchplugins\askcom.xml

[2012.01.25 11:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.22 17:46:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.01.28 00:16:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010.01.28 00:16:35 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2009.02.01 22:53:47 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX

[2011.04.10 20:41:20 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\[...]\APPDATA\ROAMING\5015

() (No name found) -- C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009.09.02 02:01:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012.01.25 11:38:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.25 11:37:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.25 11:37:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.01.25 11:37:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.25 11:37:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.25 11:37:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.25 11:37:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.04.12 18:25:25 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 14880 more lines...

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A022CC-735A-4E8E-A75D-82101EB772DA}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A5A8A1-54F1-4DE8-B1C0-EF2C55B41FA2}: NameServer = 193.188.130.35

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)

O24 - Desktop WallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²

O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun

O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun

O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun

O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun

O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{a0e39a87-ffa9-11de-b29d-001e3775b244}\Shell\AutoRun\command - "" = H:\Setup.exe

O33 - MountPoints2\{ab0c9288-b87f-11dd-b36d-001e3775b244}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 08:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.11 11:10:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll

[2012.01.11 11:10:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

[2012.01.11 11:10:16 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012.01.11 11:09:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2012.01.11 11:09:47 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2011.06.12 13:03:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe

[2008.04.24 22:20:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.31 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.31 21:31:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.31 21:31:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.31 14:50:03 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012.01.31 14:08:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.31 11:40:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.31 09:30:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.30 21:16:09 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.01.30 20:02:14 | 000,000,592 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - [...].job

[2012.01.30 19:05:55 | 000,468,376 | ---- | M] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf

[2012.01.30 19:05:30 | 000,146,600 | ---- | M] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf

[2012.01.14 16:43:35 | 000,700,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.01.14 16:43:35 | 000,654,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.01.14 16:43:35 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.01.14 16:43:34 | 000,156,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.01.13 21:41:20 | 000,074,374 | ---- | M] () -- C:\Users\[...]\Desktop\corp0222.pdf

[2012.01.11 14:58:22 | 000,036,352 | ---- | M] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.30 19:05:55 | 000,468,376 | ---- | C] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf

[2012.01.30 19:05:30 | 000,146,600 | ---- | C] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf

[2012.01.13 21:41:20 | 000,074,374 | ---- | C] () -- C:\Users\[...]\Desktop\corp0222.pdf

[2011.07.23 11:26:25 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini

[2011.04.19 10:11:56 | 000,301,568 | ---- | C] () -- C:\Program Files\g6wkvncr.exe

[2010.11.09 13:18:19 | 000,105,582 | ---- | C] () -- C:\Program Files\Uninstall-LyX.exe

[2010.08.01 17:08:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.ini

[2009.10.20 21:07:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.10.20 21:07:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.10.20 21:05:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.09.11 02:56:55 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL

[2009.06.07 19:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.02.01 22:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2009.01.08 21:20:54 | 000,000,098 | ---- | C] () -- C:\Users\[...]\AppData\Local\fusioncache.dat

[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.10.06 20:08:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.07.28 11:20:04 | 000,000,680 | ---- | C] () -- C:\Users\[...]\AppData\Local\d3d9caps.dat

[2008.06.29 15:59:57 | 000,024,206 | ---- | C] () -- C:\Users\[...]\AppData\Roaming\UserTile.png

[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2008.05.29 20:50:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\46411382A6.sys

[2008.05.29 20:50:22 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

[2008.04.25 14:42:37 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat

[2008.04.25 14:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008.04.24 22:20:06 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe

[2008.04.24 22:20:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll

[2008.04.24 22:20:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll

[2008.04.24 22:20:00 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll

[2008.04.20 20:42:02 | 000,036,352 | ---- | C] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.04.20 20:12:11 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2008.04.20 20:12:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2008.04.20 20:12:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2008.04.20 20:12:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2008.04.20 20:12:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2008.04.20 20:12:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2008.04.20 20:12:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2008.04.20 20:12:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2008.04.20 20:12:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2008.04.20 20:12:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2008.04.20 20:12:11 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2008.04.20 20:12:11 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2008.04.20 20:12:11 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2008.04.20 20:12:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2008.04.20 20:12:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2008.04.20 20:04:59 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini

[2008.04.19 10:18:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008.04.19 10:18:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008.04.19 10:18:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008.04.19 10:18:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll

[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.11.09 17:45:55 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2006.11.09 17:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 16:42:41 | 000,700,174 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 16:42:41 | 000,156,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:43 | 000,546,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 11:33:01 | 000,654,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,127,072 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2003.11.17 18:33:38 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe

[2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll

[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll

[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll

[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll

[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll

[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll

[1999.11.27 23:00:00 | 000,000,012 | ---- | C] () -- C:\Windows\WordsofDhamma.INI

 
 ========== LOP Check ==========

 

[2011.04.10 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\5015

[2009.06.10 04:26:31 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Autodesk

[2008.05.10 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dev-Cpp

[2011.03.03 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\digital publishing

[2011.12.17 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dropbox

[2011.07.23 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.07.02 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Eddym

[2009.11.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\EPSON

[2008.10.17 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\eXPert PDF Editor

[2011.03.07 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\gtk-2.0

[2008.04.19 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Hewlett Packard

[2008.12.02 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\ICAClient

[2008.09.19 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\InterVideo

[2010.01.31 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Karteikartentrainer

[2011.04.10 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\kock

[2011.07.01 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Kyex

[2009.10.08 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LimeWire

[2010.11.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LyX16

[2009.01.08 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Mathsoft

[2010.11.14 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\mresreg

[2009.01.25 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\OpenOffice.org

[2011.04.11 11:09:58 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PCFix

[2008.06.29 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PeerNetworking

[2009.02.11 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\RETScreen

[2008.05.29 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SampleView

[2011.07.20 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SumatraPDF

[2011.05.21 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Swiss Academic Software

[2010.07.06 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Tinn-R

[2011.07.23 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\TubeBox

[2011.04.11 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\UAs

[2008.10.28 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Unigraphics Solutions

[2011.09.16 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Vodafone

[2011.06.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\xmldm

[2012.01.30 21:16:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\[...]\Documents\www.torrent.to...Princesas.DVDRiP.MD.German.MVCD.mpg:TOC.WMV
 

< End of report >

--- --- ---
[\code]

OTL Logfile:

Code:

OTL Extras logfile created on: 31.01.2012 22:45:59 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\[...]\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 29,34% Memory free

4,22 Gb Paging File | 2,15 Gb Available in Paging File | 50,90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223,38 Gb Total Space | 47,79 Gb Free Space | 21,39% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS

Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

 

Computer Name: HOME | User Name: [...]| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{BBE2CE54-674E-4179-AAE7-27C4DB2E8CA2}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C2001774-724F-41D4-99B6-066ADBEDE0EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{F2AED1CB-B596-4212-B9F9-E8CAC719F88C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01937BFF-7A50-4B9A-9CB0-326A20437AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{25BC4C3C-CE15-4524-9EC4-15C63C2D3CF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{469CBB76-88F5-41D6-8974-2D03110B511A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{504848D8-C524-4F3C-8F94-36C1EB62971E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{512EA11E-CA24-4546-9A0D-D074CF7A632C}" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"{7E1A66DE-1575-468A-80FF-68A4091CBD13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{81743A39-1942-483E-9A2C-F93CAE45E001}" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"{9BBB1A72-BDFB-4323-9ACF-0FFB91C1D877}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{CE66FF6E-34D1-4E78-8257-D04A58DAC07F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"TCP Query User{193EB2D3-2BF2-4F3B-BA8F-9D8435A2D0EA}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{1B04FAF1-DB4B-4BE5-B8B5-39B5C88039A1}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe | 

"TCP Query User{1B580D07-A9B5-465F-9C5E-C623CE9694A0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{2350845C-127B-4906-8834-4CEF563D4D67}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 

"TCP Query User{2F1776ED-4EE2-4BBF-8B00-6108A4C3F4C5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{51CE0D93-DC7B-41D7-AEC5-8217E2BB1D35}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{56243DE6-C0BD-4351-A236-2512628C39EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{6ABEF9EE-100A-482A-8874-BA303ACBC573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{88AE56F1-A63F-43F5-801E-DE99B013AF64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{A00167C6-CF27-40A1-BB15-B42E947C62F9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 

"TCP Query User{A2104397-A655-4497-8DBE-120A3FBCA691}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{B773B6FF-A87D-4266-8827-F6141EEFD026}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{C67A32DA-0C69-49FA-B444-CB869D065067}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"TCP Query User{FBD2934E-DAEC-42CC-8A25-740FA3A65811}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{0E0EA0FA-E775-4FEF-A94B-366BC1CB9A1F}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{3AE130D5-4070-4A38-9ACC-93412E73196A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{596C43F3-DF81-4D59-A3A5-F40B21295B5E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{65EC33B2-0903-4367-B2B0-65FC8784CAA4}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe | 

"UDP Query User{77A5C851-89DF-462D-ADD3-2080E2A1EE96}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 

"UDP Query User{8C616AF9-3A02-4F0C-B313-E099ECD7A748}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{95E66C69-2133-4B02-9A14-7CDF7FA8D752}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{A1E12EC7-44DA-48DA-9B35-FE3E2A8A0D9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{B14600AB-FAEF-4E74-A71C-0420B8AB6E0F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{DA663C87-BDDE-410C-A539-D705910C1622}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 

"UDP Query User{DE996E13-6139-4612-B396-F35C8B66FDE9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"UDP Query User{F0767A7B-5C2D-4FC7-945B-9181560CB09F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{F550517C-C88A-4A60-9CD3-7FBAC034C10D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{FF497F51-7880-4C9F-8AD3-CFF39A3C574A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1B3AE30B-737B-48DB-B690-1A68DBF26514}" = SymNet

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23

"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager

"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings

"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security

"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English

"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer

"{7A98A7F3-3A1D-4E14-8204-AFFEE1EF72EA}" = Symantec Real Time Storage Protection Component

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084

"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA

"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture

"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw

"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP

"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content

"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters

"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail

"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German

"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8

"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU

"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English

"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist

"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend

"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools

"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA

"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension

"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component

"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1

"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi

"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13

"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update

"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client

"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer

"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen

"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1489-3350-5074-6281" = JDownloader 0.9

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AOL Toolbar" = AOL Toolbar 5.0

"Aspell" = Aspell Data

"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)

"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"Citrix ICA Web Client" = Citrix ICA Web Client

"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"EES - Engineering Equation Solver" = EES - Engineering Equation Solver

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"FinePrint" = FinePrint

"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HomepageFIX_is1" = HomepageFIX

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"INTERACTIVE ENGLISH VM" = INTERACTIVE ENGLISH VM (Insert CD-ROM)

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"LyX" = LyX 1.6.7-4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"MatlabR14SP3" = MATLAB 7.1

"MatlabR2010a" = MATLAB R2010a

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)

"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)

"PDFCreator Toolbar" = PDFCreator Toolbar

"PROSet" = Intel(R) PRO Network Connections Drivers

"R for Windows 2.10.1_is1" = R for Windows 2.10.1

"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows

"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar

"SumatraPDF" = SumatraPDF

"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"Tinn-R_is1" = Tinn-R 2.3.5.2

"VirtualCloneDrive" = VirtualCloneDrive

"WEB.DE Update" = WEB.DE Update

"WinGimp-2.0_is1" = GIMP 2.4.5

"WinRAR archiver" = WinRAR

"Words_of_Dhamma" = Words of Dhamma

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 30.01.2012 05:43:35 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 31.01.2012 04:30:52 | Computer Name = home | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

Error - 31.01.2012 04:35:41 | Computer Name = home | Source = VMCService | ID = 0

Description = GetProcessOwner

 

Error - 31.01.2012 17:45:06 | Computer Name = home | Source = Application Hang | ID = 1002

Description = Programm OTL.exe, Version 3.2.31.0 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 144c  Anfangszeit: 01cce06134d66acc  Zeitpunkt der Beendigung:

 12

 

[ OSession Events ]

Error - 17.05.2011 13:30:32 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 127

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 27.09.2011 17:53:23 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3821

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 29.09.2011 00:46:13 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57324

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.10.2011 08:42:59 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 28.10.2011 16:55:25 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1846

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 15.11.2011 12:58:43 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2604

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 19.11.2011 12:19:45 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 27.11.2011 10:29:41 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1007

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 27.11.2011 10:35:47 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.12.2011 16:14:30 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 13.09.2008 14:11:21 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 13.09.2008 16:42:17 | Computer Name = home | Source = Service Control Manager | ID = 7031

Description = 

 

Error - 13.09.2008 16:43:35 | Computer Name = home | Source = Service Control Manager | ID = 7031

Description = 

 

Error - 13.09.2008 17:05:46 | Computer Name = home | Source = DCOM | ID = 10010

Description = 

 

Error - 14.09.2008 15:20:47 | Computer Name = home | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 14.09.2008 15:20:48 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 15.09.2008 12:39:50 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 09:50:16 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 11:43:44 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 16:43:56 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

 

< End of report >

--- --- ---
[\code]

Ich habe meinen Benutzername durch [...] ersetzt. Ich hoffe ich habe ansonsten keine sensitiven infos gepostet?
Ich habe da diese porn und Glückspiel Seiten oder was auch immer das ist gefunden, ich weiß nicht was das ist und wie das auf meinen Computer gelangt (zB O1 - Hosts: 127.0.0.1 123fporn.info) .Ehrlich. Wenn du weißt was das ist und woher das kommt würde ich mich über eine kurze Aufklärung freuen.
Ansonsten wurde mal etwas mir unklares Zeug installiert damit ich über ein Netzwerk Software wie Matlab etc nutzen kann. Ich weiß nicht ob das mit rechten Dingen zu ging, ich weiß nur, dass mein Computer danach viel langsamer war.

hoffe ich habe die richtigen Ausgaben gepostet.
Viele Grüße und vielen Dank!

Hallo.

Superantispyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/01/2012 at 07:15 PM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8187

Trace Rules Database Version: 5999
 

Scan type       : Complete Scan

Total Scan Time : 02:47:34
 

Operating System Information

Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)
 

Memory items scanned      : 705

Memory threats detected   : 0

Registry items scanned    : 28307

Registry threats detected : 0

File items scanned        : 124119

File threats detected     : 9
 

Adware.Tracking Cookie

        C:\USERS\[...]\AppData\Roaming\Microsoft\Windows\Cookies\Low\[...]@www.google[1].txt [ Cookie:[...]@www.google.com/accounts ]

        .invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]

        media.mtvnservices.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]

        secure-us.imrworldwide.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]

        vht.tradedoubler.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]

        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@WWW.CPCADNET[1].TXT [ /WWW.CPCADNET ]
 

Trojan.Agent/Gen-ReLoader

        C:\USERS\[...]\DESKTOP\AUBWIRELESS CONFIGURATION\PROXYCONFIG.EXE

Hier meine zwei OTL Ausgaben:
OTL Logfile:

Code:

OTL logfile created on: 02.02.2012 21:12:10 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\[...]\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free

4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS

Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

 

Computer Name: HOME | User Name: [...] | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.31 19:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[...]\Downloads\OTL.exe

PRC - [2012.01.25 11:37:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

PRC - [2008.07.04 11:52:14 | 002,072,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

PRC - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2007.03.29 12:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007.03.29 12:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2005.08.11 20:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB71\bin\win32\MATLAB.exe

PRC - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.02 19:42:23 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012.02.02 19:42:23 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012.02.01 16:27:15 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012.02.01 16:27:15 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2012.01.25 11:37:57 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2012.01.11 11:08:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll

MOD - [2011.11.25 10:48:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011.10.15 11:53:49 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011.10.15 11:53:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MOD - [2011.10.15 11:53:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll

MOD - [2011.10.15 11:53:00 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll

MOD - [2011.10.15 11:52:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011.10.15 11:03:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011.10.15 11:02:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011.10.15 11:02:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011.10.15 11:01:20 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll

MOD - [2011.10.15 10:59:34 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011.10.15 10:58:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.08.24 13:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

MOD - [2007.03.29 12:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007.03.29 11:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2009.06.05 03:13:20 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007.06.08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.06.21 14:05:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007.09.14 16:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.06.08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007.05.24 15:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2007.04.16 02:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006.06.28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.2: ""

FF - prefs.js..browser.search.order.3: ""

FF - prefs.js..browser.search.order.4: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.21 13:58:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 11:38:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 21:08:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015

 

[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions

[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2012.02.01 16:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions

[2010.02.06 13:42:16 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2011.05.29 10:51:30 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zotero@chnm.gmu.edu

[2011.05.29 10:54:53 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zoteroWinWordIntegration@zotero.org

[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\[...]\AppData\Roaming\Mozilla\Firefox\Profiles\ostw0k4k.default\searchplugins\askcom.xml

[2012.02.01 21:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.22 17:46:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.01.28 00:16:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2012.02.01 20:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009.09.02 02:01:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012.01.25 11:38:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.02.01 20:55:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.25 11:37:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.25 11:37:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.25 11:37:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.25 11:37:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

 

O1 HOSTS File: ([2011.04.12 18:25:25 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 14880 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A022CC-735A-4E8E-A75D-82101EB772DA}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A5A8A1-54F1-4DE8-B1C0-EF2C55B41FA2}: NameServer = 193.188.130.35

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)

O24 - Desktop WallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.02 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\[...]\Desktop\überprüfung

[2012.02.02 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\Avira

[2012.02.02 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.02.02 21:02:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.02.02 21:02:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012.02.02 21:02:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012.02.01 20:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.02.01 20:56:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.02.01 16:26:57 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\SUPERAntiSpyware.com

[2012.02.01 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.02.01 16:10:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.01.31 23:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.01.31 23:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.01.11 11:10:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll

[2012.01.11 11:10:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

[2012.01.11 11:10:16 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012.01.11 11:09:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2012.01.11 11:09:47 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2011.06.12 13:03:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe

[2008.04.24 22:20:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.02 21:02:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.02 19:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.02 19:31:18 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.02.02 19:08:31 | 251,223,540 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.02.02 16:06:55 | 000,000,991 | ---- | M] () -- C:\Users\[...]\Desktop\g6wkvncr - Verknüpfung.lnk

[2012.02.02 16:03:55 | 000,157,311 | ---- | M] () -- C:\Users\[...]\Desktop\dok2.pdf

[2012.02.02 14:50:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012.02.02 11:02:55 | 000,700,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.02.02 11:02:55 | 000,654,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.02.02 11:02:55 | 000,156,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.02.02 11:02:55 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.02.01 21:08:06 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.02.01 20:55:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.02.01 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.02.01 20:55:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.02.01 20:55:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012.02.01 16:25:32 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.02.01 15:08:16 | 000,259,728 | ---- | M] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg

[2012.02.01 14:27:50 | 000,009,003 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012.01.31 23:18:47 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.31 14:08:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.30 19:05:55 | 000,468,376 | ---- | M] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf

[2012.01.30 19:05:30 | 000,146,600 | ---- | M] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf

[2012.01.13 21:41:20 | 000,074,374 | ---- | M] () -- C:\Users\[...]\Desktop\corp0222.pdf

[2012.01.11 14:58:22 | 000,036,352 | ---- | M] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.02 21:02:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.02.02 19:08:31 | 251,223,540 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012.02.02 16:03:43 | 000,157,311 | ---- | C] () -- C:\Users\[...]\Desktop\dok2.pdf

[2012.02.01 21:08:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.02.01 21:08:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.02.01 16:25:32 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.02.01 15:07:49 | 000,259,728 | ---- | C] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg

[2012.02.01 14:21:34 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012.01.31 23:18:47 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.30 19:05:55 | 000,468,376 | ---- | C] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf

[2012.01.30 19:05:30 | 000,146,600 | ---- | C] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf

[2012.01.13 21:41:20 | 000,074,374 | ---- | C] () -- C:\Users\[...]\Desktop\corp0222.pdf

[2011.07.23 11:26:25 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini

[2010.11.09 13:18:19 | 000,105,582 | ---- | C] () -- C:\Program Files\Uninstall-LyX.exe

[2010.08.01 17:08:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.ini

[2009.10.20 21:07:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.10.20 21:07:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.10.20 21:05:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.09.11 02:56:55 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL

[2009.06.07 19:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.02.01 22:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2009.01.08 21:20:54 | 000,000,098 | ---- | C] () -- C:\Users\[...]\AppData\Local\fusioncache.dat

[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.10.06 20:08:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.07.28 11:20:04 | 000,000,680 | ---- | C] () -- C:\Users\[...]\AppData\Local\d3d9caps.dat

[2008.06.29 15:59:57 | 000,024,206 | ---- | C] () -- C:\Users\[...]\AppData\Roaming\UserTile.png

[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2008.05.29 20:50:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\46411382A6.sys

[2008.05.29 20:50:22 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

[2008.04.25 14:42:37 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat

[2008.04.25 14:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008.04.24 22:20:06 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe

[2008.04.24 22:20:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll

[2008.04.24 22:20:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll

[2008.04.24 22:20:00 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll

[2008.04.20 20:42:02 | 000,036,352 | ---- | C] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.04.20 20:12:11 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2008.04.20 20:12:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2008.04.20 20:12:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2008.04.20 20:12:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2008.04.20 20:12:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2008.04.20 20:12:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2008.04.20 20:12:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2008.04.20 20:12:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2008.04.20 20:12:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2008.04.20 20:12:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2008.04.20 20:12:11 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2008.04.20 20:12:11 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2008.04.20 20:12:11 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2008.04.20 20:12:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2008.04.20 20:12:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2008.04.20 20:04:59 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini

[2008.04.19 10:18:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008.04.19 10:18:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008.04.19 10:18:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008.04.19 10:18:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll

[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.11.09 17:45:55 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2006.11.09 17:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 16:42:41 | 000,700,174 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 16:42:41 | 000,156,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:43 | 000,546,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 11:33:01 | 000,654,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,127,072 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2003.11.17 18:33:38 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe

[2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll

[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll

[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll

[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll

[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll

[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll

[1999.11.27 23:00:00 | 000,000,012 | ---- | C] () -- C:\Windows\WordsofDhamma.INI

 
 ========== LOP Check ==========

 

[2009.06.10 04:26:31 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Autodesk

[2008.05.10 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dev-Cpp

[2011.03.03 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\digital publishing

[2011.12.17 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dropbox

[2011.07.23 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.07.02 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Eddym

[2009.11.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\EPSON

[2008.10.17 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\eXPert PDF Editor

[2011.03.07 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\gtk-2.0

[2008.04.19 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Hewlett Packard

[2008.12.02 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\ICAClient

[2008.09.19 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\InterVideo

[2010.01.31 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Karteikartentrainer

[2010.11.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LyX16

[2009.01.08 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Mathsoft

[2010.11.14 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\mresreg

[2009.01.25 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\OpenOffice.org

[2011.04.11 11:09:58 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PCFix

[2008.06.29 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PeerNetworking

[2009.02.11 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\RETScreen

[2008.05.29 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SampleView

[2011.07.20 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SumatraPDF

[2011.05.21 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Swiss Academic Software

[2010.07.06 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Tinn-R

[2011.07.23 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\TubeBox

[2008.10.28 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Unigraphics Solutions

[2011.09.16 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Vodafone

[2011.06.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\xmldm

[2012.02.02 19:31:24 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

[/Code]

OTL Logfile:

Code:

OTL Extras logfile created on: 02.02.2012 21:12:10 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\[...]\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free

4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS

Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS

 

Computer Name: HOME | User Name: [...] | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{BBE2CE54-674E-4179-AAE7-27C4DB2E8CA2}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C2001774-724F-41D4-99B6-066ADBEDE0EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{F2AED1CB-B596-4212-B9F9-E8CAC719F88C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01937BFF-7A50-4B9A-9CB0-326A20437AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{25BC4C3C-CE15-4524-9EC4-15C63C2D3CF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{469CBB76-88F5-41D6-8974-2D03110B511A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{504848D8-C524-4F3C-8F94-36C1EB62971E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{512EA11E-CA24-4546-9A0D-D074CF7A632C}" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"{7E1A66DE-1575-468A-80FF-68A4091CBD13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{81743A39-1942-483E-9A2C-F93CAE45E001}" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"{9BBB1A72-BDFB-4323-9ACF-0FFB91C1D877}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{CE66FF6E-34D1-4E78-8257-D04A58DAC07F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"TCP Query User{193EB2D3-2BF2-4F3B-BA8F-9D8435A2D0EA}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{1B04FAF1-DB4B-4BE5-B8B5-39B5C88039A1}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe | 

"TCP Query User{1B580D07-A9B5-465F-9C5E-C623CE9694A0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{2F1776ED-4EE2-4BBF-8B00-6108A4C3F4C5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{51CE0D93-DC7B-41D7-AEC5-8217E2BB1D35}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{56243DE6-C0BD-4351-A236-2512628C39EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{6ABEF9EE-100A-482A-8874-BA303ACBC573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{88AE56F1-A63F-43F5-801E-DE99B013AF64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{A00167C6-CF27-40A1-BB15-B42E947C62F9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 

"TCP Query User{A2104397-A655-4497-8DBE-120A3FBCA691}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{B773B6FF-A87D-4266-8827-F6141EEFD026}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{C67A32DA-0C69-49FA-B444-CB869D065067}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"TCP Query User{FBD2934E-DAEC-42CC-8A25-740FA3A65811}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{0E0EA0FA-E775-4FEF-A94B-366BC1CB9A1F}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{3AE130D5-4070-4A38-9ACC-93412E73196A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{596C43F3-DF81-4D59-A3A5-F40B21295B5E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{65EC33B2-0903-4367-B2B0-65FC8784CAA4}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe | 

"UDP Query User{77A5C851-89DF-462D-ADD3-2080E2A1EE96}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 

"UDP Query User{8C616AF9-3A02-4F0C-B313-E099ECD7A748}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{95E66C69-2133-4B02-9A14-7CDF7FA8D752}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{A1E12EC7-44DA-48DA-9B35-FE3E2A8A0D9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{B14600AB-FAEF-4E74-A71C-0420B8AB6E0F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{DE996E13-6139-4612-B396-F35C8B66FDE9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"UDP Query User{F0767A7B-5C2D-4FC7-945B-9181560CB09F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{F550517C-C88A-4A60-9CD3-7FBAC034C10D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{FF497F51-7880-4C9F-8AD3-CFF39A3C574A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager

"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings

"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English

"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer

"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084

"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA

"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture

"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw

"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP

"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content

"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters

"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch

"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8

"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU

"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English

"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend

"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools

"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA

"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension

"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1

"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi

"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13

"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update

"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer

"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen

"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1489-3350-5074-6281" = JDownloader 0.9

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AOL Toolbar" = AOL Toolbar 5.0

"Aspell" = Aspell Data

"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)

"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"Avira AntiVir Desktop" = Avira Free Antivirus

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"CCleaner" = CCleaner

"Citrix ICA Web Client" = Citrix ICA Web Client

"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"EES - Engineering Equation Solver" = EES - Engineering Equation Solver

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"FinePrint" = FinePrint

"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HomepageFIX_is1" = HomepageFIX

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"INTERACTIVE ENGLISH VM" = INTERACTIVE ENGLISH VM (Insert CD-ROM)

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"LyX" = LyX 1.6.7-4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"MatlabR14SP3" = MATLAB 7.1

"MatlabR2010a" = MATLAB R2010a

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)

"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)

"PDFCreator Toolbar" = PDFCreator Toolbar

"PROSet" = Intel(R) PRO Network Connections Drivers

"R for Windows 2.10.1_is1" = R for Windows 2.10.1

"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"Tinn-R_is1" = Tinn-R 2.3.5.2

"VirtualCloneDrive" = VirtualCloneDrive

"WEB.DE Update" = WEB.DE Update

"WinRAR archiver" = WinRAR

"Words_of_Dhamma" = Words of Dhamma

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02.02.2012 14:09:17 | Computer Name = home | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

Error - 02.02.2012 14:11:00 | Computer Name = home | Source = matlabserver | ID = 0

Description = 

 

Error - 02.02.2012 14:12:05 | Computer Name = home | Source = matlabserver | ID = 0

Description = 

 

Error - 02.02.2012 14:14:53 | Computer Name = home | Source = Application Hang | ID = 1002

Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 

mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet

 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 

über das Problem zu suchen.  Prozess-ID: bb8  Anfangszeit: 01cce1d5c5386a2f  Zeitpunkt

 der Beendigung: 31

 

Error - 02.02.2012 14:17:06 | Computer Name = home | Source = VSS | ID = 8194

Description = 

 

Error - 02.02.2012 14:22:04 | Computer Name = home | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

Error - 02.02.2012 14:23:52 | Computer Name = home | Source = matlabserver | ID = 0

Description = 

 

Error - 02.02.2012 14:24:39 | Computer Name = home | Source = VMCService | ID = 0

Description = GetProcessOwner

 

Error - 02.02.2012 14:24:57 | Computer Name = home | Source = matlabserver | ID = 0

Description = 

 

Error - 02.02.2012 14:32:39 | Computer Name = home | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

 

[ OSession Events ]

Error - 17.05.2011 13:30:32 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 127

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 27.09.2011 17:53:23 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3821

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 29.09.2011 00:46:13 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57324

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.10.2011 08:42:59 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 28.10.2011 16:55:25 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1846

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 15.11.2011 12:58:43 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2604

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 19.11.2011 12:19:45 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 27.11.2011 10:29:41 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1007

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 27.11.2011 10:35:47 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.12.2011 16:14:30 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 13.09.2008 14:11:21 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 13.09.2008 16:42:17 | Computer Name = home | Source = Service Control Manager | ID = 7031

Description = 

 

Error - 13.09.2008 16:43:35 | Computer Name = home | Source = Service Control Manager | ID = 7031

Description = 

 

Error - 13.09.2008 17:05:46 | Computer Name = home | Source = DCOM | ID = 10010

Description = 

 

Error - 14.09.2008 15:20:47 | Computer Name = home | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 14.09.2008 15:20:48 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 15.09.2008 12:39:50 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 09:50:16 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 11:43:44 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 17.09.2008 16:43:56 | Computer Name = home | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

 

< End of report >

--- --- ---

[/Code]

Im Anhan der OTL Text nach dem Kill.

Unter Autostarprogramme steht immernoch folgendes:

Code:

Dateiname: jashla.exe

Startwert: C:\Users\[...]\AppData\Roaming\jashla.exe

Dateipfad: C:\Users\[...]\AppData\Roaming\jashla.exe

Starttyp: Registrierung: Aktueller Benutzer

Speicherort: Software\Microsoft\Windows\CurrentVersion\Run

Klassifizierung: Deaktiviert

SpyNet-Abstimmung: In Bearbeitung

Den online Scan habe ich noch nicht geschafft, da er sehr lange dauert und ich außerdem 2x unterbrechen musste. (30% nach 9 stunden)

Ich habe Avira runterzuladen und zu installieren, schon 3 mal, aber immer sagt Avira am Ende, dass bei der Installation ein Fehler aufgetreten ist. Ich kann das Avira Fenster dann öffnen, aber es gibt ein Problem beim Updaten und mit dem Planer. Wenn der funktionieren würde, dann würde ich auch Spybot löschen.

Grüße!
PS: Mein Benutzername habe ich wieder durch [...] ersetzt.