Hallo.
Superantispyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/01/2012 at 07:15 PM
Application Version : 5.0.1142
Core Rules Database Version : 8187
Trace Rules Database Version: 5999
Scan type : Complete Scan
Total Scan Time : 02:47:34
Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 705
Memory threats detected : 0
Registry items scanned : 28307
Registry threats detected : 0
File items scanned : 124119
File threats detected : 9
Adware.Tracking Cookie
C:\USERS\[...]\AppData\Roaming\Microsoft\Windows\Cookies\Low\[...]@www.google[1].txt [ Cookie:[...]@www.google.com/accounts ]
.invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
media.mtvnservices.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
vht.tradedoubler.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@WWW.CPCADNET[1].TXT [ /WWW.CPCADNET ]
Trojan.Agent/Gen-ReLoader
C:\USERS\[...]\DESKTOP\AUBWIRELESS CONFIGURATION\PROXYCONFIG.EXE
Hier meine zwei OTL Ausgaben:
OTL Logfile: Code:
OTL logfile created on: 02.02.2012 21:12:10 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: [...] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.31 19:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[...]\Downloads\OTL.exe
PRC - [2012.01.25 11:37:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.07.04 11:52:14 | 002,072,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.03.29 12:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 12:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005.08.11 20:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB71\bin\win32\MATLAB.exe
PRC - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.02 19:42:23 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.02.02 19:42:23 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.02.01 16:27:15 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.02.01 16:27:15 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.01.25 11:37:57 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.01.11 11:08:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.11.25 10:48:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.15 11:53:49 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.15 11:53:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.10.15 11:53:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.15 11:53:00 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll
MOD - [2011.10.15 11:52:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.15 11:03:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.15 11:02:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.15 11:02:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.15 11:01:20 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011.10.15 10:59:34 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.15 10:58:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.08.24 13:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 12:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 11:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009.06.05 03:13:20 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)
========== Driver Services (SafeList) ==========
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.21 14:05:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.14 16:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.05.24 15:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.04.16 02:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.order.3: ""
FF - prefs.js..browser.search.order.4: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.21 13:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 11:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 21:08:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015
[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions
[2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.02.01 16:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions
[2010.02.06 13:42:16 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011.05.29 10:51:30 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zotero@chnm.gmu.edu
[2011.05.29 10:54:53 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zoteroWinWordIntegration@zotero.org
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\[...]\AppData\Roaming\Mozilla\Firefox\Profiles\ostw0k4k.default\searchplugins\askcom.xml
[2012.02.01 21:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 17:46:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.01.28 00:16:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.02.01 20:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009.09.02 02:01:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.01.25 11:38:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.01 20:55:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.25 11:37:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.25 11:37:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.25 11:37:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.25 11:37:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
O1 HOSTS File: ([2011.04.12 18:25:25 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A022CC-735A-4E8E-A75D-82101EB772DA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A5A8A1-54F1-4DE8-B1C0-EF2C55B41FA2}: NameServer = 193.188.130.35
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.02.02 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\[...]\Desktop\überprüfung
[2012.02.02 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\Avira
[2012.02.02 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.02 21:02:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.02 21:02:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.02 21:02:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.01 20:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.01 20:56:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.01 16:26:57 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.01 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.02.01 16:10:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.31 23:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.31 23:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.11 11:10:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 11:10:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 11:10:16 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 11:09:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 11:09:47 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011.06.12 13:03:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe
[2008.04.24 22:20:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.02.02 21:02:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 19:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.02 19:31:18 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.02 19:08:31 | 251,223,540 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 16:06:55 | 000,000,991 | ---- | M] () -- C:\Users\[...]\Desktop\g6wkvncr - Verknüpfung.lnk
[2012.02.02 16:03:55 | 000,157,311 | ---- | M] () -- C:\Users\[...]\Desktop\dok2.pdf
[2012.02.02 14:50:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.02 11:02:55 | 000,700,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.02 11:02:55 | 000,654,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.02 11:02:55 | 000,156,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.02 11:02:55 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 21:08:06 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.01 20:55:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.01 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.01 20:55:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.01 20:55:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.01 16:25:32 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.01 15:08:16 | 000,259,728 | ---- | M] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg
[2012.02.01 14:27:50 | 000,009,003 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012.01.31 23:18:47 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.31 14:08:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.30 19:05:55 | 000,468,376 | ---- | M] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf
[2012.01.30 19:05:30 | 000,146,600 | ---- | M] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf
[2012.01.13 21:41:20 | 000,074,374 | ---- | M] () -- C:\Users\[...]\Desktop\corp0222.pdf
[2012.01.11 14:58:22 | 000,036,352 | ---- | M] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.02 21:02:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.02 19:08:31 | 251,223,540 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.02.02 16:03:43 | 000,157,311 | ---- | C] () -- C:\Users\[...]\Desktop\dok2.pdf
[2012.02.01 21:08:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.01 21:08:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.01 16:25:32 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.01 15:07:49 | 000,259,728 | ---- | C] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg
[2012.02.01 14:21:34 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012.01.31 23:18:47 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.30 19:05:55 | 000,468,376 | ---- | C] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf
[2012.01.30 19:05:30 | 000,146,600 | ---- | C] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf
[2012.01.13 21:41:20 | 000,074,374 | ---- | C] () -- C:\Users\[...]\Desktop\corp0222.pdf
[2011.07.23 11:26:25 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini
[2010.11.09 13:18:19 | 000,105,582 | ---- | C] () -- C:\Program Files\Uninstall-LyX.exe
[2010.08.01 17:08:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.ini
[2009.10.20 21:07:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 21:07:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 21:05:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.11 02:56:55 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL
[2009.06.07 19:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.01 22:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.01.08 21:20:54 | 000,000,098 | ---- | C] () -- C:\Users\[...]\AppData\Local\fusioncache.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.06 20:08:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.28 11:20:04 | 000,000,680 | ---- | C] () -- C:\Users\[...]\AppData\Local\d3d9caps.dat
[2008.06.29 15:59:57 | 000,024,206 | ---- | C] () -- C:\Users\[...]\AppData\Roaming\UserTile.png
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.29 20:50:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\46411382A6.sys
[2008.05.29 20:50:22 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.04.25 14:42:37 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008.04.25 14:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.24 22:20:06 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2008.04.24 22:20:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2008.04.24 22:20:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2008.04.24 22:20:00 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2008.04.20 20:42:02 | 000,036,352 | ---- | C] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.20 20:12:11 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.04.20 20:12:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.04.20 20:12:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.04.20 20:12:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.04.20 20:12:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.04.20 20:12:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.04.20 20:12:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.04.20 20:12:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.04.20 20:12:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.04.20 20:12:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.04.20 20:12:11 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.04.20 20:12:11 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.04.20 20:12:11 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.04.20 20:12:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.04.20 20:12:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.04.20 20:04:59 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008.04.19 10:18:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.04.19 10:18:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.04.19 10:18:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.04.19 10:18:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.09 17:45:55 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.09 17:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:42:41 | 000,700,174 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:42:41 | 000,156,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,546,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,654,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,127,072 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003.11.17 18:33:38 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe
[2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll
[1999.11.27 23:00:00 | 000,000,012 | ---- | C] () -- C:\Windows\WordsofDhamma.INI
========== LOP Check ==========
[2009.06.10 04:26:31 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Autodesk
[2008.05.10 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dev-Cpp
[2011.03.03 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\digital publishing
[2011.12.17 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dropbox
[2011.07.23 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.02 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Eddym
[2009.11.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\EPSON
[2008.10.17 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\eXPert PDF Editor
[2011.03.07 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\gtk-2.0
[2008.04.19 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Hewlett Packard
[2008.12.02 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\ICAClient
[2008.09.19 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\InterVideo
[2010.01.31 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Karteikartentrainer
[2010.11.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LyX16
[2009.01.08 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Mathsoft
[2010.11.14 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\mresreg
[2009.01.25 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\OpenOffice.org
[2011.04.11 11:09:58 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PCFix
[2008.06.29 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PeerNetworking
[2009.02.11 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\RETScreen
[2008.05.29 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SampleView
[2011.07.20 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SumatraPDF
[2011.05.21 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Swiss Academic Software
[2010.07.06 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Tinn-R
[2011.07.23 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\TubeBox
[2008.10.28 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Unigraphics Solutions
[2011.09.16 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Vodafone
[2011.06.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\xmldm
[2012.02.02 19:31:24 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
[/Code]
OTL Logfile: Code:
OTL Extras logfile created on: 02.02.2012 21:12:10 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: [...] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BBE2CE54-674E-4179-AAE7-27C4DB2E8CA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2001774-724F-41D4-99B6-066ADBEDE0EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2AED1CB-B596-4212-B9F9-E8CAC719F88C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01937BFF-7A50-4B9A-9CB0-326A20437AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25BC4C3C-CE15-4524-9EC4-15C63C2D3CF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{469CBB76-88F5-41D6-8974-2D03110B511A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{504848D8-C524-4F3C-8F94-36C1EB62971E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{512EA11E-CA24-4546-9A0D-D074CF7A632C}" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E1A66DE-1575-468A-80FF-68A4091CBD13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81743A39-1942-483E-9A2C-F93CAE45E001}" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BBB1A72-BDFB-4323-9ACF-0FFB91C1D877}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE66FF6E-34D1-4E78-8257-D04A58DAC07F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{193EB2D3-2BF2-4F3B-BA8F-9D8435A2D0EA}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1B04FAF1-DB4B-4BE5-B8B5-39B5C88039A1}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"TCP Query User{1B580D07-A9B5-465F-9C5E-C623CE9694A0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2F1776ED-4EE2-4BBF-8B00-6108A4C3F4C5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{51CE0D93-DC7B-41D7-AEC5-8217E2BB1D35}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{56243DE6-C0BD-4351-A236-2512628C39EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6ABEF9EE-100A-482A-8874-BA303ACBC573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{88AE56F1-A63F-43F5-801E-DE99B013AF64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A00167C6-CF27-40A1-BB15-B42E947C62F9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{A2104397-A655-4497-8DBE-120A3FBCA691}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B773B6FF-A87D-4266-8827-F6141EEFD026}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C67A32DA-0C69-49FA-B444-CB869D065067}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FBD2934E-DAEC-42CC-8A25-740FA3A65811}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0E0EA0FA-E775-4FEF-A94B-366BC1CB9A1F}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3AE130D5-4070-4A38-9ACC-93412E73196A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{596C43F3-DF81-4D59-A3A5-F40B21295B5E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65EC33B2-0903-4367-B2B0-65FC8784CAA4}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"UDP Query User{77A5C851-89DF-462D-ADD3-2080E2A1EE96}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{8C616AF9-3A02-4F0C-B313-E099ECD7A748}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{95E66C69-2133-4B02-9A14-7CDF7FA8D752}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A1E12EC7-44DA-48DA-9B35-FE3E2A8A0D9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B14600AB-FAEF-4E74-A71C-0420B8AB6E0F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DE996E13-6139-4612-B396-F35C8B66FDE9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F0767A7B-5C2D-4FC7-945B-9181560CB09F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F550517C-C88A-4A60-9CD3-7FBAC034C10D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FF497F51-7880-4C9F-8AD3-CFF39A3C574A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13
"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EES - Engineering Equation Solver" = EES - Engineering Equation Solver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FinePrint" = FinePrint
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HomepageFIX_is1" = HomepageFIX
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"INTERACTIVE ENGLISH VM" = INTERACTIVE ENGLISH VM (Insert CD-ROM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LyX" = LyX 1.6.7-4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MatlabR14SP3" = MATLAB 7.1
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROSet" = Intel(R) PRO Network Connections Drivers
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Tinn-R_is1" = Tinn-R 2.3.5.2
"VirtualCloneDrive" = VirtualCloneDrive
"WEB.DE Update" = WEB.DE Update
"WinRAR archiver" = WinRAR
"Words_of_Dhamma" = Words of Dhamma
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.02.2012 14:09:17 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 02.02.2012 14:11:00 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:12:05 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:14:53 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: bb8 Anfangszeit: 01cce1d5c5386a2f Zeitpunkt
der Beendigung: 31
Error - 02.02.2012 14:17:06 | Computer Name = home | Source = VSS | ID = 8194
Description =
Error - 02.02.2012 14:22:04 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 02.02.2012 14:23:52 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:24:39 | Computer Name = home | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 02.02.2012 14:24:57 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:32:39 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ OSession Events ]
Error - 17.05.2011 13:30:32 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.09.2011 17:53:23 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3821
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.09.2011 00:46:13 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57324
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.10.2011 08:42:59 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.10.2011 16:55:25 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1846
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.11.2011 12:58:43 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2604
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.11.2011 12:19:45 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 120 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:29:41 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1007
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:35:47 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.12.2011 16:14:30 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.09.2008 14:11:21 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 13.09.2008 16:42:17 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 16:43:35 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 17:05:46 | Computer Name = home | Source = DCOM | ID = 10010
Description =
Error - 14.09.2008 15:20:47 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description =
Error - 14.09.2008 15:20:48 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 15.09.2008 12:39:50 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 09:50:16 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 11:43:44 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 16:43:56 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report > --- --- ---
[/Code]
Im Anhan der OTL Text nach dem Kill.
Unter Autostarprogramme steht immernoch folgendes: Code:
Dateiname: jashla.exe
Startwert: C:\Users\[...]\AppData\Roaming\jashla.exe
Dateipfad: C:\Users\[...]\AppData\Roaming\jashla.exe
Starttyp: Registrierung: Aktueller Benutzer
Speicherort: Software\Microsoft\Windows\CurrentVersion\Run
Klassifizierung: Deaktiviert
SpyNet-Abstimmung: In Bearbeitung Den online Scan habe ich noch nicht geschafft, da er sehr lange dauert und ich außerdem 2x unterbrechen musste. (30% nach 9 stunden)
Ich habe Avira runterzuladen und zu installieren, schon 3 mal, aber immer sagt Avira am Ende, dass bei der Installation ein Fehler aufgetreten ist. Ich kann das Avira Fenster dann öffnen, aber es gibt ein Problem beim Updaten und mit dem Planer. Wenn der funktionieren würde, dann würde ich auch Spybot löschen.
Grüße!
PS: Mein Benutzername habe ich wieder durch [...] ersetzt. |