|
Log-Analyse und Auswertung: Laptop ebenfalls infiziert (nach PC-Bereinigung)?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.07.2011, 15:30 | #1 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo, hier also nun der 2. Thread. In einem anderen Thread wurde mein PC gereinigt - das Problem ist nun, dass ich per USB-Stick Daten zw. PC und Laptop getauscht habe und der Laptop daher ebenfalls infiziert sein könnte. Um mich nun nicht erneut gegenseitig zu infizieren, poste ich im folgenden die Log-Dateien (ich habe die Liste abgearbeitet). Ich wäre sehr dankbar, wenn das jemand prüfen könnte. :-) Noch kurz zu meinem System: Am Laptop habe ich Windows Vista, als Virenprogramm benutze ich Avira. Außerdem verwende ich Mozilla Firefox und Thunderbird. Hier erstmal die OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.07.2011 15:15:46 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,84% Memory free 6,21 Gb Paging File | 5,02 Gb Available in Paging File | 80,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 81,09 Gb Free Space | 56,29% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 86,78 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2010.12.26 20:46:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.27 22:17:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZg***.EXE PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.23 16:58:54 | 000,397,312 | ---- | M] (*** Inc.) -- C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\***\Empowering Technology\Service\ETService.exe PRC - [2008.03.21 14:22:32 | 000,376,832 | ---- | M] (***) -- C:\Program Files\***\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\***\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.08.03 18:46:34 | 000,114,688 | ---- | M] (Informatic Ltd.) -- C:\Program Files\Orfo 9.0\orfagent.exe ========== Modules (SafeList) ========== MOD - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\***\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\***\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 11:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.03.18 11:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.12.08 14:35:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.10 17:58:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.09 03:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.03.25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.03.25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.03.25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.03.25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.07 09:05:44 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.07 09:05:42 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (***, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.***.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.***.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at | hxxp://de.pons.eu/ | hxxp://dict.leo.org/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..network.proxy.ftp: ":" FF - prefs.js..network.proxy.gopher: ":" FF - prefs.js..network.proxy.http: ":" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":" FF - prefs.js..network.proxy.ssl: ":" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.26 20:46:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.31 15:11:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.10 22:06:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.12 23:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.07.31 14:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions [2010.11.02 12:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.29 18:37:05 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\DeviceDetection@logitech.com [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2011.07.31 14:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.15 21:33:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.08 15:38:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.18 14:50:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.03 18:38:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.31 14:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.05.31 21:05:06 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2011.07.31 15:11:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.12.26 20:46:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.07.31 14:48:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.10 22:06:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.07.10 22:06:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.10 22:06:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.10 22:06:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.10 22:06:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\ShellBrowser: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe (*** Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZg***.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\***\WR_PopUp\ProductReg.exe (***) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: ORFO Rechtschreibprüfung starten - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra Button: ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra 'Tools' menuitem : ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O24 - Desktop BackupWallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell - "" = AutoRun O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\*** Arcade Deluxe\*** Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\*** Arcade Deluxe\*** Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\***\Empowering Technology\eAudio\eAudio.exe (*** Incorporated) MsConfig - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - File not found MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - File not found MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\*** Arcade Deluxe\PlayMovie\PMVService.exe (*** Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.31 15:12:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2011.07.31 15:06:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 14:51:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.31 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Solid State Networks [2011.07.08 22:33:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry [2011.07.08 22:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2008.11.01 06:56:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll [2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.31 15:11:33 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2011.07.31 15:07:54 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.31 15:07:54 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.31 15:07:54 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.31 15:07:54 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.31 15:07:07 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 15:03:30 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.07.31 15:03:18 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.07.31 15:01:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.07.31 15:00:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 15:00:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 15:00:48 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.31 15:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.31 15:00:07 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2011.07.31 14:35:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.31 14:30:38 | 000,635,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.31 14:25:35 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.07.31 14:25:35 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.07.31 14:25:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:17:17 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.12 23:11:13 | 000,002,597 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2003.lnk [2011.07.08 22:33:36 | 000,000,022 | ---- | M] () -- C:\Users\***\netglassData.bin [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.31 15:03:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.07.31 14:54:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.07.31 14:25:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:17:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.08 22:33:36 | 000,000,022 | ---- | C] () -- C:\Users\***\netglassData.bin [2009.11.30 00:04:51 | 000,001,470 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2009.10.22 21:34:45 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OrfoCalls.dll [2009.10.18 13:24:17 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.10.10 11:27:59 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2009.09.11 11:43:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 11:43:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.13 10:51:28 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.13 10:51:27 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.04.03 12:07:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.04.03 12:07:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.02.28 16:03:38 | 000,035,840 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.27 23:48:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.27 23:00:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.27 22:38:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.12.07 10:04:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.12.07 10:04:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.12.07 10:04:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.11.01 06:55:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.10.31 23:28:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.10.31 23:13:20 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.10.31 23:01:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.10.31 23:01:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.10.31 22:37:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,635,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\p***prf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.28 00:59:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.10.31 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** GameZone Console [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.28 01:00:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.06.13 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gaijin Ent [2009.02.28 14:34:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.11.30 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.10.03 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.04.15 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.09.01 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.07.31 14:55:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.27 22:17:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.02.27 22:19:30 | 000,000,000 | ---D | M] -- C:\*** [2009.02.27 22:14:49 | 000,000,000 | ---D | M] -- C:\***SW [2008.11.01 00:06:28 | 000,000,000 | ---D | M] -- C:\Book [2009.10.24 13:16:55 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.31 15:14:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.27 22:11:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.06.27 10:29:16 | 000,000,000 | ---D | M] -- C:\Downloads [2008.10.31 22:59:02 | 000,000,000 | ---D | M] -- C:\Intel [2010.03.25 12:38:39 | 000,000,000 | ---D | M] -- C:\*** [2008.10.31 23:16:41 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.10 21:46:11 | 000,000,000 | ---D | M] -- C:\Program Files [2011.06.13 17:52:16 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.27 22:11:04 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.31 15:18:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.02.27 22:14:19 | 000,000,000 | R--D | M] -- C:\Users [2009.03.01 13:54:29 | 000,000,000 | ---D | M] -- C:\WD2000ROOT [2009.03.01 13:54:29 | 000,000,000 | ---D | M] -- C:\WD2002ROOT [2011.07.31 15:12:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-31 12:26:34 < > < End of report > [/code] |
31.07.2011, 15:31 | #2 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hier die Extras.txt:
__________________OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.07.2011 15:15:46 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,84% Memory free 6,21 Gb Paging File | 5,02 Gb Available in Paging File | 80,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 81,09 Gb Free Space | 56,29% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 86,78 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6F75FFFD-760F-4A84-BE76-FCAABAD1F05D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8F1F8120-9FD5-4FE0-80A7-F1366C5A6830}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{069805F3-058E-48DB-94F4-A95091305AED}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{0D8AEE10-96C2-498F-AEB7-7902F449EFB9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{0F4B7BFD-1298-41F6-A0ED-8364CCFAC6A7}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | "{203C2BEE-D9DF-4ACC-A4BB-62BC839DCAA2}" = dir=in | app=c:\program files\*** arcade deluxe\*** arcade deluxe\*** arcade deluxe.exe | "{36136249-3502-4D13-B6F0-524D22EB1BDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{51C1D457-17F3-4CDD-846E-7B02E684A6E4}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | "{59A15FCB-A6B8-4548-A8CD-036579E0754C}" = protocol=6 | dir=in | app=c:\program files\musikprogramme\bitcomet\bitcomet.exe | "{5CE9F7EF-D77E-4870-84E3-4479FE78E061}" = dir=in | app=c:\program files\*** arcade deluxe\playmovie\playmovie.exe | "{5D000235-4036-425E-9F37-5759E5E48319}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{67CC8014-729A-47A0-9562-C268CFC16FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D41BBC8-3313-46DE-AE4A-8441CFF5CF1E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{752D16C6-99C9-4B06-8BD1-5813BC6C3EEE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{7D004B31-9BC9-451B-B7FB-98809204E08B}" = protocol=17 | dir=in | app=c:\program files\musikprogramme\bitcomet\bitcomet.exe | "{7F40A20A-ECCF-4B08-AAE4-34BB517B06C5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{86AB5221-F056-4E52-9DC5-F94A59240ECC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{99E17C86-8575-4D50-A009-9CA2B7F5B223}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{9BCC5662-1B3C-44D7-B268-8439AF3F3822}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | "{9FDDAAB1-D719-4E7F-8AD0-EFCAF73428EA}" = dir=in | app=c:\program files\*** arcade deluxe\playmovie\pmvservice.exe | "{E7BC0F42-8139-48E4-A226-EE254FD3E9F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{F4F2FC78-6299-49CB-B33D-C01E15279533}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | "{F76B449B-026D-4A3F-89ED-1FF673FBDAF6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F877F8A8-D6EA-4511-8741-55F7D4E0007F}" = dir=in | app=c:\program files\*** arcade deluxe\homemedia\homemedia.exe | "TCP Query User{81E66C65-A327-405A-9309-791FE77AB91C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{AC7D806C-1112-4374-89C3-21EFB1FF44C6}C:\program files\shareaza applications\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe | "TCP Query User{ED85EEC7-7017-44A1-88D5-EAEEBA07AA3A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4539AF0A-94EA-4A03-8DFE-CE39D46B2D95}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{547246B8-C050-42AD-AD4D-C597ECE1A35F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C00DB2BF-1BE9-4D4E-BE6E-1331008A61B0}C:\program files\shareaza applications\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = *** Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = *** eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = *** Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = *** eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = *** ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = *** ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet "{7F811A54-5A09-4579-90E1-C93498E230D9}" = *** eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = *** Empowering Technology "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5633652-3795-4829-BB0B-644F0279E279}" = *** eDataSecurity Management "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = *** Crystal Eye Webcam 2.0.8 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BD77C684-DF3C-4237-A9F9-FA90ED58CA3F}" = PCLinq3 "{C677F5B2-84A1-4A5E-8944-53CF2DA12FE3}" = Dizionario Garzanti Hazon di Inglese 2009 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDEA11CF-BAF9-4EFE-AF7C-58EAB614A407}" = ORFO 9.0 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BearShare MediaBar" = MediaBar 2.0 "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Studio_is1" = Free Studio version 4.6 "Free YouTube Download_is1" = Free YouTube Download 2.3 "FreePDF_XP" = FreePDF XP (Remove only) "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "GridVista" = *** GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = *** Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{FDEA11CF-BAF9-4EFE-AF7C-58EAB614A407}" = ORFO 9.0 "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11) "NVIDIA Drivers" = NVIDIA Drivers "Orfo" = ORFO 9.0 "RealPlayer 12.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SP6" = Logitech SetPoint 6.15 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tele2 Internet" = Tele2 Internet "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "sc10-ORF_MAIN" = ORF-Ski Challenge 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.08.2010 05:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 05:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 07:49:41 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 05.08.2010 07:49:55 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 07:49:55 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.08.2010 03:04:56 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 06.08.2010 03:05:13 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.08.2010 03:05:13 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.08.2010 09:19:29 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 06.08.2010 09:19:48 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 09.07.2011 09:06:38 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2011 08:11:25 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 31.07.2011 08:11:25 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 31.07.2011 08:27:37 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = < End of report > [/code] |
31.07.2011, 15:34 | #3 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Und hier noch die gmer.txt:
__________________Code:
ATTFilter GMER Logfile: Vielen herzlichen Dank schonmal! LG |
31.07.2011, 17:09 | #4 | ||
/// Helfer-Team | Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo und Herzlich Willkommen! Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
2. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
31.07.2011, 20:31 | #5 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo, vielen Dank für die Nachricht. Hier das Ergebnis von Malwarebytes - es gab 1 Fund: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7339 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 31.07.2011 21:28:03 mbam-log-2011-07-31 (21-28-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 331895 Laufzeit: 1 Stunde(n), 21 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
31.07.2011, 20:37 | #6 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Und hier noch die Programmliste vom Ccleaner: Code:
ATTFilter Acer Arcade Deluxe CyberLink Corp. 06.12.2008 83,1MB 2.0.5315 Acer Crystal Eye Webcam 2.0.8 SuYin 06.12.2008 2,95MB 2.0.8 Acer eAudio Management CyberLink Corp. 06.12.2008 2,17MB 3.0.3007 Acer eDataSecurity Management Egis Inc. 30.10.2008 62,7MB 3.0.3060 Acer Empowering Technology Acer Incorporated 30.10.2008 140,7MB 3.0.3006 Acer ePower Management Acer Incorporated 30.10.2008 9,63MB 3.0.3008 Acer eRecovery Management Acer Incorporated 06.12.2008 27,5MB 3.0.3013 Acer eSettings Management Acer Incorporated 30.10.2008 27,4MB 3.0.3007 Acer GridVista 06.12.2008 1,51MB 2.72.317 Acer Mobility Center Plug-In Acer Inc. 30.10.2008 4,13MB 3.0.3000 Acer ScreenSaver Acer Incorporated 06.12.2008 1.12.0506 Acrobat.com Adobe Systems Incorporated 30.10.2008 1,67MB 1.1.377 Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 06.12.2008 14,0MB Adobe Acrobat X Pro - English, Français, Deutsch Adobe Systems 30.07.2011 1.947MB 10.1.0 Adobe AIR Adobe Systems Inc. 30.10.2008 1.0.4990 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 14.06.2010 10.1.53.64 Adobe Flash Player ActiveX Adobe Systems Incorporated 06.12.2008 9.0.124.0 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 30.07.2011 118,5MB 10.1.0 Agatha Christie Death on the Nile Oberon Media 06.12.2008 160,8MB Agere Systems HDA Modem Agere Systems 30.10.2008 Alice Greenfingers Oberon Media 06.12.2008 13,3MB Apple Application Support Apple Inc. 19.04.2010 39,7MB 1.2.1 Apple Software Update Apple Inc. 30.04.2009 2,16MB 2.1.1.116 AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 AVerMedia TECHNOLOGIES, Inc. 06.12.2008 0,60MB 1.1.0.27 Avira AntiVir Personal - Free Antivirus Avira GmbH 29.03.2010 60,2MB 10.0.0.561 Azada Oberon Media 06.12.2008 61,8MB Backspin Billiards Oberon Media 06.12.2008 9,09MB Big Kahuna Reef Oberon Media 06.12.2008 11,4MB Bricks of Egypt Oberon Media 06.12.2008 6,73MB Broadcom Gigabit Integrated Controller Broadcom Corporation 30.10.2008 1,01MB 11.11.03 Cake Mania Oberon Media 06.12.2008 17,5MB CCleaner Piriform 30.07.2011 3,98MB 3.09 Chicken Invaders 3 Oberon Media 06.12.2008 53,4MB Chuzzle Oberon Media 06.12.2008 10,3MB Compatibility Pack für 2007 Office System Microsoft Corporation 08.07.2011 34,5MB 12.0.6514.5001 Diner Dash Flo on the Go Oberon Media 06.12.2008 17,2MB DivX Codec DivX, Inc. 08.01.2010 1,57MB 6.9.1 DivX Converter DivX, Inc. 08.01.2010 45,3MB 7.1.0 DivX Player DivX, Inc. 08.01.2010 8,43MB 7.2.0 DivX Plus DirectShow Filters DivX, Inc. 08.01.2010 1,58MB DivX Plus Web Player DivX,Inc. 08.01.2010 8,77MB 2.0.0 Dizionario Garzanti Hazon di Inglese 2009 De Agostini Scuola S.p.A. - Garzanti Linguistica 28.02.2009 830MB 5.00.0052 eSobi v2 esobi Inc. 30.10.2008 17,0MB 2.0.3.000189 Free Studio version 4.6 DVDVideoSoft Limited. 15.05.2010 82,7MB Free YouTube Download 2.3 DVDVideoSoft Limited. 30.09.2009 2,79MB FreePDF XP (Remove only) 02.04.2009 3,01MB Google Desktop Google 06.12.2008 30,2MB 5.7.0808.07150 Google Earth Google 30.07.2011 84,7MB 6.0.3.2197 Google Updater Google Inc. 15.05.2010 3,91MB 2.4.1739.5352 GPL Ghostscript 8.64 02.04.2009 22,6MB Intel® Matrix Storage Manager Intel Corporation 06.12.2008 48,1MB Java(TM) 6 Update 26 Oracle 30.07.2011 94,9MB 6.0.260 Jewel Quest Solitaire Oberon Media 06.12.2008 27,0MB JMicron JMB38X Flash Media Controller JMicron Technology Corp. 30.10.2008 2,26MB 1.00.10.04 Kick N Rush Oberon Media 06.12.2008 43,3MB Launch Manager 06.12.2008 2,66MB Logitech SetPoint 6.15 Logitech 24.10.2010 6.15.25 Logitech Updater Ihr Firmenname 01.12.2009 1,30MB 1.70 Mahjong Escape Ancient China Oberon Media 06.12.2008 13,6MB Mahjongg Artifacts Oberon Media 06.12.2008 15,9MB Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 30.07.2011 6,71MB 1.51.1.1800 MediaBar 2.0 MusicLab, LLC 29.05.2009 0,70MB 2.0 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 11.03.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 26.02.2009 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 Microsoft IntelliPoint 7.0 Microsoft 19.10.2010 22,5MB 7.0.260.0 Microsoft Office Home and Student 2007 Microsoft Corporation 30.04.2009 559MB 12.0.6425.1000 Microsoft Office Professional Edition 2003 Microsoft Corporation 30.07.2011 11.0.8173.0 Microsoft Silverlight Microsoft Corporation 08.07.2011 29,0MB 4.0.60531.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.08.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.07.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 10.08.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.05.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.07.2011 0,58MB 9.0.30729.6161 Microsoft Works Microsoft Corporation 09.12.2009 08.05.0822 Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 02.03.2011 0,13MB 12.0.4518.1014 Mozilla Firefox (3.6.18) Mozilla 09.07.2011 30,8MB 3.6.18 (de) Mozilla Thunderbird (3.1.11) Mozilla 11.07.2011 35,0MB 3.1.11 (de) MSXML 4.0 SP2 (KB954430) Microsoft Corporation 26.02.2009 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,34MB 4.20.9876.0 Mystery Case Files - Huntsville Oberon Media 06.12.2008 24,4MB Mystery Solitaire - Secret Island Oberon Media 06.12.2008 19,9MB No23 Recorder No23 28.11.2009 2,44MB 2.1.0.3 NTI Backup Now 5 NewTech Infosystems 30.10.2008 28,6MB 5.1.2.503 NTI Media Maker 8 NewTech Infosystems 30.10.2008 181,5MB 8.0.2.6322 NVIDIA Drivers 23.10.2009 Office-Bibliothek Bibliographisches Institut & F.A. Brockhaus AG 08.10.2009 55,7MB 5.00.4 OpenOffice.org 3.1 OpenOffice.org 02.10.2009 355MB 3.1.9420 ORF-Ski Challenge 2010 23.11.2009 148,0MB ORFO 9.0 Informatic 21.10.2009 7,76MB 9.0 ORFO 9.0 22.10.2009 Orion Convesoft 30.10.2008 12,2MB 2.0.1 PC Connectivity Solution Nokia 14.04.2009 11,0MB 8.47.6.0 PCLinq3 Prolific Technology Inc. 11.04.2009 1,38MB 3.0.0.3 PDF24 Creator 3.0.0 PDF24.org 12.06.2011 40,1MB PhotoNow! CyberLink Corp. 06.12.2008 1,65MB 1.1.4619 PowerDirector CyberLink Corp. 30.10.2008 199,6MB 6.5.2713 QuickTime Apple Inc. 19.04.2010 73,8MB 7.66.71.0 RealPlayer RealNetworks 25.12.2010 67,6MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.10.2008 21,5MB 6.0.1.5612 RedMon - Redirection Port Monitor 02.04.2009 Skype™ 3.8 Skype Technologies S.A. 04.12.2009 29,7MB 3.8.188 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 28.08.2009 29,7MB 9.0.0 Spybot - Search & Destroy Safer Networking Limited 27.02.2009 50,7MB 1.6.2 Synaptics Pointing Device Driver Synaptics 30.10.2008 14,0MB 10.2.4.0 Tele2 Internet Tele2UTA Telecommunication GmbH 26.02.2009 Turbo Pizza Oberon Media 06.12.2008 175,4MB Uninstall 1.0.0.1 15.05.2010 16,2MB VLC media player 1.1.5 VideoLAN 10.01.2011 78,1MB 1.1.5 Winbond CIR Device Drivers Winbond Electronics Corporation 30.10.2008 2,25MB 7.60.1012 Windows Live Anmelde-Assistent Microsoft Corporation 06.03.2009 1,93MB 5.000.818.6 Windows Live Essentials Microsoft Corporation 05.11.2009 44,0MB 14.0.8089.0726 Windows Live-Uploadtool Microsoft Corporation 05.11.2009 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 26.02.2009 0,29MB 1.0.0.8 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 14.04.2009 08/22/2008 7.0.0.0 WinRAR 09.04.2010 3,78MB Zuma Deluxe Oberon Media 06.12.2008 11,2MB |
01.08.2011, 09:48 | #7 | |||
/// Helfer-Team | Laptop ebenfalls infiziert (nach PC-Bereinigung)? 1. Code:
ATTFilter BearShare Shareaza Zitat:
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen! 2. Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...` Code:
ATTFilter MediaBar - Adware -Toolbar Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. ** Zitat:
Zitat:
Fixen mit OTL
Code:
ATTFilter :OTL IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2009.05.31 21:05:06 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell - "" = AutoRun O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{C00DB2BF-1BE9-4D4E-BE6E-1331008A61B0}C:\program files\shareaza applications\shareaza\shareaza.exe" =- :Commands [purity] [emptytemp]
4. reinige dein System mit Ccleaner:
5.
6. - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen 7. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
03.08.2011, 20:59 | #8 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo kira, vielen Dank für dein Post. Hier das Ergebnis vom OTL (Fixen): Code:
ATTFilter Error: Unable to interpret <4c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2> in the current context! Error: Unable to interpret <[2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Acer-PC\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}> in the current context! Error: Unable to interpret <[2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Acer-PC\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}> in the current context! Error: Unable to interpret <[2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Acer-PC\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com> in the current context! Error: Unable to interpret <[2009.05.31 21:05:06 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a> in the current context! Error: Unable to interpret <O33 - MountPoints2\F\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a> in the current context! Error: Unable to interpret <[2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\Acer-PC\AppData\Roaming\DVDVideoSoftIEHelpers> in the current context! ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C00DB2BF-1BE9-4D4E-BE6E-1331008A61B0}C:\program files\shareaza applications\shareaza\shareaza.exe deleted successfully. OTL by OldTimer - Version 3.2.26.1 log created on 08032011_215658 |
03.08.2011, 22:39 | #9 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hier das Ergebnis von der SuperAntiSpyware (es gab keine Funde): Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 08/03/2011 bei 11:14 PM Version der Applikation : 5.0.1108 Version der Kern-Datenbank : 7506 Version der Spur-Datenbank : 5318 Scan Art : kompletter Scann Totale Scann-Zeit : 01:00:41 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Limited User (Administrator User) Gescannte Speicherelemente : 732 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 38178 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 51620 Erfasste Datei-Elemente : 0 |
04.08.2011, 06:29 | #10 |
/// Helfer-Team | Laptop ebenfalls infiziert (nach PC-Bereinigung)? falsch gemacht! Du musst aus Codebox Box, alles sowie ist bei OTL einfügen (rot gefärbt): Code:
ATTFilter :OTL IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2009.05.31 21:05:06 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell - "" = AutoRun O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{C00DB2BF-1BE9-4D4E-BE6E-1331008A61B0}C:\program files\shareaza applications\shareaza\shareaza.exe" =- :Commands [purity] [emptytemp]
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (04.08.2011 um 06:35 Uhr) |
04.08.2011, 11:12 | #11 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo kira, vielen Dank, da muss mir wohl ein Fehler unterlaufen sein. Ich dachte, ich hätte es richtig gemacht (es gab allerdings Probleme beim Kopieren des Codes, aber ich dachte, dass ich trotzdem alles kopiert hätte). Ich probiere es dann gleich nochmal. Die anderen Scans liefere ich dann noch nach. LG |
04.08.2011, 11:44 | #12 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo nochmal, ich glaube, diesmal hat es mit dem Fixen geklappt, hier das Logfile: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found. Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com\ not found. Folder C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found. File C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found. File C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acdb7fe1-29bf-11de-aa9b-00238b486661}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acdb7fe1-29bf-11de-aa9b-00238b486661}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\LaunchU3.exe -a not found. Folder C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\ not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C00DB2BF-1BE9-4D4E-BE6E-1331008A61B0}C:\program files\shareaza applications\shareaza\shareaza.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: *** ->Temp folder emptied: 2152640 bytes ->Temporary Internet Files folder emptied: 506372 bytes ->Java cache emptied: 59917935 bytes ->FireFox cache emptied: 62679410 bytes ->Flash cache emptied: 499 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 279440 bytes Windows Temp folder emptied: 4518 bytes RecycleBin emptied: 151062 bytes Total Files Cleaned = 120,00 mb OTL by OldTimer - Version 3.2.26.1 log created on 08042011_123856 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Die weiteren Scans laufen... |
04.08.2011, 16:39 | #13 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hier das Ergebnis vom ESET-Scan (es gab 1 Fund): Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=867081233467bd4abc06bb19db422565 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-03 10:02:21 # local_time=2011-08-04 12:02:21 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 290872 87923385 1236 0 # compatibility_mode=5892 16776573 100 100 8145 149940806 0 0 # compatibility_mode=8192 67108863 100 0 130 130 0 0 # scanned=686 # found=0 # cleaned=0 # scan_time=864 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=867081233467bd4abc06bb19db422565 # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-03 11:49:44 # local_time=2011-08-04 01:49:44 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 291831 87924344 0 0 # compatibility_mode=5892 16776573 100 100 9104 149941765 0 0 # compatibility_mode=8192 67108863 100 0 1089 1089 0 0 # scanned=146213 # found=0 # cleaned=0 # scan_time=6346 |
04.08.2011, 22:05 | #14 |
| Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo kira, hier kommen noch die Logs vom OTL-Scan: Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.08.2011 21:24:54 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,99% Memory free 6,20 Gb Paging File | 4,60 Gb Available in Paging File | 74,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 80,15 Gb Free Space | 55,64% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 86,78 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6F75FFFD-760F-4A84-BE76-FCAABAD1F05D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8F1F8120-9FD5-4FE0-80A7-F1366C5A6830}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{069805F3-058E-48DB-94F4-A95091305AED}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{0D8AEE10-96C2-498F-AEB7-7902F449EFB9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{0F4B7BFD-1298-41F6-A0ED-8364CCFAC6A7}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | "{203C2BEE-D9DF-4ACC-A4BB-62BC839DCAA2}" = dir=in | app=c:\program files\*** arcade deluxe\*** arcade deluxe\*** arcade deluxe.exe | "{36136249-3502-4D13-B6F0-524D22EB1BDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{51C1D457-17F3-4CDD-846E-7B02E684A6E4}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | "{5CE9F7EF-D77E-4870-84E3-4479FE78E061}" = dir=in | app=c:\program files\*** arcade deluxe\playmovie\playmovie.exe | "{5D000235-4036-425E-9F37-5759E5E48319}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{67CC8014-729A-47A0-9562-C268CFC16FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D41BBC8-3313-46DE-AE4A-8441CFF5CF1E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{752D16C6-99C9-4B06-8BD1-5813BC6C3EEE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{7F40A20A-ECCF-4B08-AAE4-34BB517B06C5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{86AB5221-F056-4E52-9DC5-F94A59240ECC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{99E17C86-8575-4D50-A009-9CA2B7F5B223}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{9BCC5662-1B3C-44D7-B268-8439AF3F3822}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | "{9FDDAAB1-D719-4E7F-8AD0-EFCAF73428EA}" = dir=in | app=c:\program files\*** arcade deluxe\playmovie\pmvservice.exe | "{E7BC0F42-8139-48E4-A226-EE254FD3E9F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{F4F2FC78-6299-49CB-B33D-C01E15279533}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | "{F76B449B-026D-4A3F-89ED-1FF673FBDAF6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F877F8A8-D6EA-4511-8741-55F7D4E0007F}" = dir=in | app=c:\program files\*** arcade deluxe\homemedia\homemedia.exe | "TCP Query User{81E66C65-A327-405A-9309-791FE77AB91C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{ED85EEC7-7017-44A1-88D5-EAEEBA07AA3A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4539AF0A-94EA-4A03-8DFE-CE39D46B2D95}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{547246B8-C050-42AD-AD4D-C597ECE1A35F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = *** Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = *** eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = *** Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = *** eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = *** ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = *** ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet "{7F811A54-5A09-4579-90E1-C93498E230D9}" = *** eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = *** Empowering Technology "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5633652-3795-4829-BB0B-644F0279E279}" = *** eDataSecurity Management "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = *** Crystal Eye Webcam 2.0.8 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BD77C684-DF3C-4237-A9F9-FA90ED58CA3F}" = PCLinq3 "{C677F5B2-84A1-4A5E-8944-53CF2DA12FE3}" = Dizionario Garzanti Hazon di Inglese 2009 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDEA11CF-BAF9-4EFE-AF7C-58EAB614A407}" = ORFO 9.0 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ESET Online Scanner" = ESET Online Scanner v3 "Free Studio_is1" = Free Studio version 4.6 "Free YouTube Download_is1" = Free YouTube Download 2.3 "FreePDF_XP" = FreePDF XP (Remove only) "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "GridVista" = *** GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = *** Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{FDEA11CF-BAF9-4EFE-AF7C-58EAB614A407}" = ORFO 9.0 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11) "NVIDIA Drivers" = NVIDIA Drivers "Orfo" = ORFO 9.0 "RealPlayer 12.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SP6" = Logitech SetPoint 6.15 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tele2 Internet" = Tele2 Internet "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "sc10-ORF_MAIN" = ORF-Ski Challenge 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.08.2010 18:12:14 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 04.08.2010 18:12:31 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.08.2010 18:12:31 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.08.2010 18:12:32 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 05:16:55 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 05.08.2010 05:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 05:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 07:49:41 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 05.08.2010 07:49:55 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.08.2010 07:49:55 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 31.07.2011 08:27:37 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 31.07.2011 08:53:43 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 31.07.2011 09:09:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2011 13:59:36 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 31.07.2011 um 19:52:33 unerwartet heruntergefahren. Error - 03.08.2011 15:27:11 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 04.08.2011 06:38:57 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = < End of report > [/code] OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.08.2011 21:24:54 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 50,99% Memory free 6,20 Gb Paging File | 4,60 Gb Available in Paging File | 74,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 80,15 Gb Free Space | 55,64% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 86,78 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.04 12:41:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.07.29 03:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.12 23:10:35 | 012,596,912 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2011.07.10 22:06:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.06.06 21:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2010.12.26 20:46:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZg***.EXE PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.23 16:58:54 | 000,397,312 | ---- | M] (*** Inc.) -- C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\***\Empowering Technology\Service\ETService.exe PRC - [2008.03.21 14:22:32 | 000,376,832 | ---- | M] (***) -- C:\Program Files\***\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\***\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.08.03 18:46:34 | 000,114,688 | ---- | M] (Informatic Ltd.) -- C:\Program Files\Orfo 9.0\orfagent.exe ========== Modules (SafeList) ========== MOD - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\***\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\***\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 11:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.03.18 11:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.12.08 14:35:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.10 17:58:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.09 03:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.03.25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.03.25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.03.25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.03.25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.07 09:05:44 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.07 09:05:42 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (***, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.***.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.***.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.at | http://de.pons.eu/ | http://dict.leo.org/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.26 20:46:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.31 15:11:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.10 22:06:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.12 23:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.03 21:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions [2010.11.02 12:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.29 18:37:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\DeviceDetection@logitech.com [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2011.08.03 21:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.15 21:33:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.08 15:38:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.18 14:50:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.03 18:38:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.31 14:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.07.31 15:11:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.12.26 20:46:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.07.31 14:48:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.10 22:06:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.07.10 22:06:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.10 22:06:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.10 22:06:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.10 22:06:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe (*** Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZg***.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\***\WR_PopUp\ProductReg.exe (***) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: ORFO Rechtschreibprüfung starten - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra Button: ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra 'Tools' menuitem : ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O24 - Desktop BackupWallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.03 23:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.08.03 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2011.08.03 22:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.08.03 22:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.08.03 22:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.08.03 22:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.08.03 21:56:58 | 000,000,000 | ---D | C] -- C:\_OTL [2011.07.31 21:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.07.31 21:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.07.31 19:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.07.31 19:02:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.07.31 18:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.31 18:58:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.31 18:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.31 18:58:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.31 18:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.31 15:06:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Solid State Networks [2011.07.31 14:48:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.31 14:48:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.31 14:48:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.07.31 14:25:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.07.31 14:25:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.07.31 14:25:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.07.31 14:25:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.07.31 14:25:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.07.31 14:25:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.07.31 14:25:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.07.31 14:25:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.07.31 14:25:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.07.31 14:25:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.07.31 14:25:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.07.31 14:25:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.07.31 14:25:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.07.31 14:25:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.07.31 14:25:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.07.31 14:25:19 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.07.31 14:25:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.07.31 14:25:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.07.31 14:25:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.07.31 14:25:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.07.31 14:25:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.07.31 14:25:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.07.31 14:25:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.07.31 14:25:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.07.31 14:25:18 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.07.31 14:25:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.07.31 14:25:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.07.31 14:25:17 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.07.31 14:25:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.07.31 14:25:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.07.31 14:25:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.07.31 14:25:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.07.31 14:25:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.07.31 14:25:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.07.31 14:25:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.07.31 14:25:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.07.31 14:25:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.07.31 14:25:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.07.31 14:25:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.07.31 14:15:40 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.31 14:15:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.31 14:15:39 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.07.08 22:33:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry [2011.07.08 22:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2008.11.01 06:56:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll [2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.04 20:41:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.04 20:40:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.04 20:40:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.04 14:40:11 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.08.04 12:47:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.04 12:47:01 | 000,592,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.04 12:47:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.04 12:47:01 | 000,100,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.04 12:41:26 | 000,002,597 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2003.lnk [2011.08.04 12:41:17 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.04 12:41:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.04 12:41:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.08.04 12:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.04 12:40:18 | 3213,750,272 | -HS- | M] () -- C:\hiberfil.sys [2011.08.03 22:11:45 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.07.31 22:41:25 | 000,109,840 | ---- | M] () -- C:\Users\***\Desktop\Fussball_und_Sprache.pdf [2011.07.31 21:34:49 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.31 18:58:36 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.31 15:35:44 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\2xrpgu6h.exe [2011.07.31 15:11:33 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 15:03:18 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.07.31 14:48:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.07.31 14:48:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.07.31 14:48:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.07.31 14:48:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.07.31 14:30:38 | 000,635,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.31 14:25:35 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.07.31 14:25:35 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.07.31 14:25:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.07.31 14:25:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.07.31 14:25:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.07.31 14:25:21 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.07.31 14:25:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.07.31 14:25:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.07.31 14:25:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.07.31 14:25:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.07.31 14:25:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.07.31 14:25:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.07.31 14:25:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.07.31 14:25:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.07.31 14:25:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.07.31 14:25:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.07.31 14:25:19 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.07.31 14:25:19 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.07.31 14:25:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.07.31 14:25:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.07.31 14:25:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.07.31 14:25:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.07.31 14:25:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.07.31 14:25:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:25:19 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.07.31 14:25:19 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.07.31 14:25:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.07.31 14:25:18 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.07.31 14:25:18 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.07.31 14:25:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.07.31 14:25:17 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.07.31 14:25:17 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.07.31 14:25:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.07.31 14:25:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.07.31 14:25:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.07.31 14:25:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.07.31 14:25:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.07.31 14:25:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.07.31 14:25:17 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.07.31 14:25:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.07.31 14:25:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.07.31 14:25:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.07.31 14:17:17 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.08 22:33:36 | 000,000,022 | ---- | M] () -- C:\Users\***\netglassData.bin [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.08.03 22:11:45 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.07.31 22:41:25 | 000,109,840 | ---- | C] () -- C:\Users\***\Desktop\Fussball_und_Sprache.pdf [2011.07.31 21:34:49 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.31 18:58:36 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.31 15:35:35 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\2xrpgu6h.exe [2011.07.31 15:03:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.07.31 14:54:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.07.31 14:25:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:17:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.08 22:33:36 | 000,000,022 | ---- | C] () -- C:\Users\***\netglassData.bin [2009.11.30 00:04:51 | 000,001,470 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2009.10.22 21:34:45 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OrfoCalls.dll [2009.10.18 13:24:17 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.10.10 11:27:59 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2009.09.11 11:43:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 11:43:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.13 10:51:28 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.13 10:51:27 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.04.03 12:07:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.04.03 12:07:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.02.28 16:03:38 | 000,035,840 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.27 23:48:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.27 23:00:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.27 22:38:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.12.07 10:04:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.12.07 10:04:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.12.07 10:04:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.11.01 06:55:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.10.31 23:28:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.10.31 23:13:20 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.10.31 23:01:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.10.31 23:01:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.10.31 22:37:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,635,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,592,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,100,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\p***prf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.28 00:59:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.10.31 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** GameZone Console [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.28 01:00:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.06.13 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gaijin Ent [2009.02.28 14:34:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.11.30 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.10.03 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.04.15 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.09.01 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.08.04 12:39:30 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/code] Vielen Dank!! LG |
05.08.2011, 05:25 | #15 | |
/// Helfer-Team | Laptop ebenfalls infiziert (nach PC-Bereinigung)?Zitat:
Fixen mit OTL
Code:
ATTFilter :OTL DRV - [2009.03.25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.03.25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.03.25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.03.25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.03.25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2011.07.10 22:06:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers :Commands [purity] [emptytemp]
2. Empfehlungen/Vorschläge: Wie lange dauert die Startvorgang? Wenn du auf der Stelle ein schnelleres System haben möchtest: - Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben - Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen. Start→ Alle Programme → Zubehör → Ausführen →"msconfig" (reinschreiben ohne "") → Ok - Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart... - Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten` (Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.) - Falls Du mal brauchst, manueller Start jederzeit möglich - Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*): Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter Du solltest nicht deaktivieren : Grafiktreibers Firewall Antivirenprogramm Sound Gleich ein paar Vorschläge: Code:
ATTFilter O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe (*** Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZg***.EXE (Dritek System Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\***\WR_PopUp\ProductReg.exe (***) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
Themen zu Laptop ebenfalls infiziert (nach PC-Bereinigung)? |
antivir, autorun, bho, c:\windows\system32\rundll32.exe, converter, error, firefox, format, gereinigt, google earth, helper, home, hängen, intranet, launch, logfile, microsoft office word, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, otl.txt, plug-in, popup, problem, programm, realtek, registry, rundll, safer networking, scan, software, start menu, starten, system, vista, windows |