Trojaner-Board


Lazminator 11.01.2011 21:48

Another Postbank Trojan VICTIM :( NEED TIPS FROM PROS!

Hello to EVERYONE out there....

I'm new here in the forum... the site was recommended to me by a colleague.

I have the problem with the Postbank.de site... I was prompted by a pop-up page to enter 40 TANs. The worm is in there.... but how do I get rid of it???

I'm grateful for any help....

Greetings from Berlin

here is the malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26
mbam-log-2011-01-11 (20-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163551
Laufzeit: 7 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QsFI3OpLXB- (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4C3057-8650-922D-E516-E62F3D0AFC29} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FADC21E1-6424-03DA-8095-B1E6205F8FCF} (Spyware.Passwords.XGen) -> Value: {FADC21E1-6424-03DA-8095-B1E6205F8FCF} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\muammer saglam\AppData\Roaming\Kiciq\oqufq.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\bPLQ87s.dll (Adware.BHO) -> No action taken.
c:\Windows\System32\qsfi3oplxb-.exe (Adware.AdRotator) -> No action taken.

cosinus 12.01.2011 10:15

Hello and :hallo:

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Lazminator 24.01.2011 18:54

Hi, here are the values... thanks to you all in advance

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26
mbam-log-2011-01-11 (20-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163551
Laufzeit: 7 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QsFI3OpLXB- (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4C3057-8650-922D-E516-E62F3D0AFC29} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FADC21E1-6424-03DA-8095-B1E6205F8FCF} (Spyware.Passwords.XGen) -> Value: {FADC21E1-6424-03DA-8095-B1E6205F8FCF} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\muammer saglam\AppData\Roaming\Kiciq\oqufq.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\bPLQ87s.dll (Adware.BHO) -> No action taken.
c:\Windows\System32\qsfi3oplxb-.exe (Adware.AdRotator) -> No action taken.

Lazminator 24.01.2011 19:09

OTL RESULT: OTL logfile:
Code:

OTL logfile created on: 24.01.2011 18:59:25 - Run 1
OTL by OldTimer - Version 3.2.20.5    Folder = C:\Users\Muammer Saglam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 65,73 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
 
Computer Name: MUAMMER-PC | User Name: Muammer Saglam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Muammer Saglam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Muammer Saglam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HPNoteBook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b236a43f-ea0b-90fd-d2a8-988af5d25090}:4.6.6.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.04.01 13:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 21:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.10 20:52:02 | 000,000,000 | ---D | M]
 
[2008.12.23 01:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Extensions
[2011.01.22 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions
[2009.09.05 22:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.23 14:47:46 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.15 22:19:40 | 000,000,266 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\Mozilla\Firefox\Profiles\kw638ve2.default\searchplugins\Search.xml
[2011.01.09 17:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:19:27 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{b236a43f-ea0b-90fd-d2a8-988af5d25090}
[2010.07.27 08:15:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.24 09:44:21 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll
[2010.09.18 21:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 21:10:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.18 21:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.18 21:10:17 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.18 21:10:17 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\AutoRun\command - "" = G:\m.exe
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\open\Command - "" = G:\m.exe
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.24 18:55:43 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Muammer Saglam\Desktop\OTL.exe
[2011.01.11 23:04:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 23:04:15 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.11 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Malwarebytes
[2011.01.11 20:48:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:47:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.10 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.01.10 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Google
[2011.01.09 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Google
[2011.01.09 22:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.09 22:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.01.09 18:00:52 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\Backups
[2011.01.09 17:59:58 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Priotecs
[2011.01.09 17:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priotecs Software
[2011.01.09 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\Add-in Express
[2011.01.09 17:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Backup Assistant
[2011.01.09 12:34:36 | 005,888,786 | ---- | C] (J. Rathlev                                                  ) -- C:\Users\Muammer Saglam\Favorites\Documents\pb-setup-5.0.0702.exe
[2011.01.09 12:34:20 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\PersBackup
[2010.12.28 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Verlag Heinrich Vogel
[2010.12.28 20:54:15 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Verlag_Heinrich_Vogel_in_
[2010.12.28 20:53:31 | 000,000,000 | RH-D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\SecuROM
[2009.07.15 17:45:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5450.dll
[2009.07.15 17:32:34 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0FB.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Muammer Saglam\*.tmp files -> C:\Users\Muammer Saglam\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 18:55:59 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Muammer Saglam\Desktop\OTL.exe
[2011.01.24 18:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 18:52:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000UA.job
[2011.01.24 18:08:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 18:08:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 17:52:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 16:09:30 | 000,093,590 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.001
[2011.01.24 16:09:22 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.01.24 16:08:49 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 16:08:08 | 2146,373,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.24 13:04:43 | 000,093,590 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.dat
[2011.01.23 21:52:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000Core.job
[2011.01.13 21:53:41 | 000,002,087 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Google Chrome.lnk
[2011.01.12 21:55:37 | 159,407,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.11 22:56:45 | 000,083,968 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 20:55:48 | 000,624,216 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.10 20:55:48 | 000,592,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.10 20:55:48 | 000,124,902 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.10 20:55:48 | 000,103,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.10 20:49:43 | 000,422,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.09 18:36:41 | 515,969,575 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Outlook - 2011-01-09_18-00-52.oba
[2011.01.09 17:59:50 | 000,000,862 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Outlook Backup Assistant.lnk
[2011.01.09 12:59:14 | 000,000,016 | ---- | M] () -- C:\Users\Muammer Saglam\persistent_state
[2011.01.09 12:50:58 | 000,000,036 | ---- | M] () -- C:\Windows\iltwain.ini
[2011.01.09 12:43:43 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.01.09 12:34:40 | 005,888,786 | ---- | M] (J. Rathlev                                                  ) -- C:\Users\Muammer Saglam\Favorites\Documents\pb-setup-5.0.0702.exe
[2011.01.08 16:05:34 | 000,007,592 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Local\d3d9caps.dat
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Muammer Saglam\*.tmp files -> C:\Users\Muammer Saglam\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.10 20:36:06 | 000,002,087 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Google Chrome.lnk
[2011.01.10 20:35:14 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000UA.job
[2011.01.10 20:35:09 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000Core.job
[2011.01.09 22:50:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.09 22:50:09 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.09 18:03:15 | 515,969,575 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Outlook - 2011-01-09_18-00-52.oba
[2011.01.09 17:59:50 | 000,000,862 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Outlook Backup Assistant.lnk
[2011.01.09 12:43:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.11 21:54:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 20:15:19 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.26 12:02:46 | 000,000,426 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.05.26 12:02:46 | 000,000,169 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.05.26 12:01:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.26 12:01:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.05.26 11:58:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.05.26 11:58:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.02.09 15:00:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.02.09 14:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010.01.01 22:20:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.23 00:34:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.23 00:34:19 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.23 00:34:19 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.23 00:34:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.12.23 00:34:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.15 22:09:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.02.14 23:05:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.14 23:04:38 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.20 01:18:24 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.15 01:16:30 | 000,000,132 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\default.rss
[2008.11.13 00:56:19 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.04 01:58:10 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2008.11.04 01:57:47 | 000,009,391 | ---- | C] () -- C:\Windows\System32\dymourl.ini
[2008.11.04 01:56:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\DYMOCFG.DLL
[2008.11.04 01:56:07 | 000,004,096 | ---- | C] () -- C:\Windows\System32\lmmonres.dll
[2008.10.24 23:20:54 | 000,003,704 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.02.10 21:52:05 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.10 21:44:11 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\FnF4.txt
[2008.02.10 12:42:15 | 000,083,968 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.08 22:54:45 | 000,040,606 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.02.08 22:33:00 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.001
[2008.02.08 22:21:19 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.dat
[2008.02.08 22:19:22 | 000,007,592 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\d3d9caps.dat
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\QSwitch.txt
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DSwitch.txt
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\AtStart.txt
[2008.01.14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007.12.06 08:06:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.06 10:37:06 | 000,009,216 | ---- | C] () -- C:\Windows\System32\gengpmon.dll
[2004.05.05 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[2002.10.15 13:46:26 | 000,196,608 | ---- | C] () -- C:\Windows\System32\hpbvnstp.dll
[2001.07.31 10:17:12 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA

< End of report >

--- --- ---

Lazminator 24.01.2011 19:10

Extras editor

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 24.01.2011 18:59:25 - Run 1
OTL by OldTimer - Version 3.2.20.5    Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 65,73 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
 
Computer Name: MUAMMER-PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7DB2E4-A39F-462F-80FA-96C1FF595886}" = rport=2869 | protocol=6 | dir=out | app=system |
"{49E977A7-CE46-4665-B852-54E22C4808D2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{51174D1D-1404-4B58-9AD9-171747BB4AEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{58D189A5-7DBB-49F6-BDD0-2998AC2319C3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{627EEB51-9D8E-429E-9A96-738570DF878A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90DD53B8-2C4E-49E6-8195-8D3FF3BEF023}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AD504BBD-55F2-4EE7-BF21-E4F0975C0012}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AE0634F9-7A75-4F87-825E-B02FE3568487}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{C1D4AB9A-7213-4FB1-87CD-CC1D1A269D4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8DB814E-5EAF-4DDD-A769-D69C3AF5291D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4A61742-BB3C-48D0-8470-88CBE90CD360}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E1FB57A6-718E-49A9-851B-D733EE6A1191}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093B9AE1-0229-4CAE-8022-C6C264755834}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{114FD79B-5907-4707-B158-6489365D17AC}" = protocol=58 | dir=out | app=system |
"{27EF8047-9C43-4878-A468-AE1203AB67FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{46AB4747-8BB9-4ED7-8AD5-09AF732444A2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C8CED7D-BA3B-4D70-B841-3D4DA624CAE7}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{4DED6DE2-30E8-4F86-9DE0-C12ACF9523EF}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{55DC4FB3-ECB1-4C33-B585-D6F3AB2116BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5843F2AB-D2FD-4B45-9142-51A2337D1C6E}" = protocol=58 | dir=out | app=system |
"{5D4C658D-0E3F-47E0-B1F8-BFA73DAA8227}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{622646EB-B136-4EAB-AE68-6F96C2B092C9}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{8818A4C9-F936-4EF8-B796-819B7B213EC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AADB0EC-812C-437C-8251-34799A87018A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{9DFAD587-0ED6-419A-B484-CC680C0F385A}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{D3324129-490B-482F-956C-1E0F7CAA014A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D5E2FF5E-6F4E-4B07-879F-9222B9A84568}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E41ABC7F-9F61-4C83-90BB-70C4D81F3FCC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E4CD0E32-1AAD-402D-8367-7E750BF1C2F2}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{0990DF52-92A1-460E-8EBB-EA4D0171ABE9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{27100FD6-9B16-4D5E-90B6-8B28EB4354A7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{2796760E-CEB4-4C74-A183-2205F798FCBC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{37B17900-45D5-45CB-9054-CB1D828A7AE2}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{4B388F06-A418-4FBF-851A-DB6CDD28B449}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{57DE1C1F-8ED1-4107-9754-C7C920087622}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{69945F81-99CE-4EA9-BE1C-C5774FF8C162}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{995DDB14-9FC7-4EA7-9F52-679C9DA7711E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{AC116EB2-8A79-4B4D-AE2E-ABA7D0A4FB68}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{E1875F6A-EADC-4747-9AF4-3A71F12A6E74}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{E730D29C-C5AE-41B9-8B88-32AC0B8621D7}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{F931EA6C-1552-4D42-BA3A-31033301F6C2}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{077C5440-3059-42F8-BFF9-2ABDF0A1DF74}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{147B538B-AFE8-4305-A68C-DDDDC2EFF317}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{3E561E0D-91B4-47E6-9EA5-CCA67BF18CDF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{474DAE50-6980-4CCF-8B90-89831BBFD8A9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{70DB6837-4C40-48F5-A10B-547DEF6B527B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7D1BF85B-E2E1-4FD0-B98E-023456F8225C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{93076A45-5582-48F2-B945-D2DAD2B978BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{94C0A5C4-E29A-4319-9373-9EEC209C2DB9}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{9C3B23C7-42C8-4CFE-9E1D-D9A00129B71E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{ACADC6E5-81E5-405F-A58C-7306E7CD6B12}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{BB95E540-45B0-4866-AD67-DF0515323120}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D8A0006B-8D6D-487D-A367-2F1940998985}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = maxx PDFMAILER
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{def1b9a3-19af-4cbc-91ca-fed307fc41e6}" = Nero 9
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"M3 GAME Manager" = M3 GAME Manager Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Backup_is1" = Personal Backup 5.0
"Recuva" = Recuva
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Supreme Auction_is1" = Supreme Auction
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltraISO_is1" = UltraISO Premium V9.33
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.6i
"vShare" = vShare Plugin
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 28.11.2009 01:05:40 | Computer Name = Muammer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_HPSLPSVC, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00610043,  Prozess-ID 0x164,
Anwendungsstartzeit 01ca6edb571890d4.
 
Error - 29.11.2009 09:00:02 | Computer Name = Muammer-PC | Source = MsiInstaller | ID = 11706
Description =
 
[ OSession Events ]
Error - 18.01.2010 16:31:43 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12503
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.02.2010 04:59:15 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2010 03:52:58 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.04.2010 13:49:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5697
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 06.06.2010 06:30:48 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.06.2010 07:23:20 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 231
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.07.2010 05:28:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.07.2010 13:24:52 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.09.2010 15:58:37 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:33:25 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Lazminator 24.01.2011 19:26

Kind regards, and thanks in advance for your time and help,
lazminator

cosinus 24.01.2011 20:30

Quote:

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26

That is an old log. Where is the log from the current scan?

Lazminator 25.01.2011 14:45

So here is the current scan again...


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5591

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

24.01.2011 23:32:39
mbam-log-2011-01-24 (23-32-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 381023
Laufzeit: 2 Stunde(n), 25 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Lazminator 25.01.2011 14:46

Asking for help again now... THANKS

cosinus 25.01.2011 19:00

Are there any further logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.

Lazminator 25.01.2011 19:24

No, those are all the ones I have.


Thanks in advance

cosinus 25.01.2011 20:32

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\AutoRun\command - "" = G:\m.exe
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\open\Command - "" = G:\m.exe
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

