| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
15.10.2011, 10:18
| #1 |
 |  Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr Hallo, hier die restlichen Ergebnisse: Ergebnis ESET Onlinescan: Code:
ATTFilter
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\FreeRIP Toolbar\IE\4.5\freeripToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.10.2011 10:58:59 - Run 5 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Reinhard\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,91% Memory free 6,20 Gb Paging File | 4,43 Gb Available in Paging File | 71,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,09 Gb Total Space | 49,94 Gb Free Space | 49,89% Space Free | Partition Type: NTFS Drive D: | 188,00 Gb Total Space | 148,15 Gb Free Space | 78,80% Space Free | Partition Type: NTFS Drive F: | 7,66 Gb Total Space | 7,58 Gb Free Space | 98,97% Space Free | Partition Type: FAT32 Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,53% Space Free | Partition Type: FAT Computer Name: REINHARD-PC | User Name: Reinhard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.11 14:52:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:52:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.10.11 14:52:27 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.10.11 14:52:26 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2011.10.11 14:52:26 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:52:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.10 17:36:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Reinhard\Downloads\OTL.exe PRC - [2011.09.14 21:04:59 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.30 10:27:50 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Reinhard\AppData\Roaming\T-Mobile Internet Manager\ouc.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.09.19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008.06.03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.23 09:02:48 | 002,146,840 | ---- | M] (WareCentral.com) -- C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe PRC - [2008.01.21 04:25:26 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2007.03.14 16:47:00 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe PRC - [2007.02.22 16:04:44 | 000,851,968 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2011.10.15 09:42:27 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2011.10.15 09:42:27 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011.10.10 22:01:18 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011.10.10 22:01:18 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2009.02.14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL MOD - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe MOD - [2007.03.14 16:47:00 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe MOD - [2007.03.13 09:35:00 | 000,569,344 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll MOD - [2007.03.04 22:45:08 | 000,028,160 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ger.NLR MOD - [2007.03.04 22:31:10 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\PCSuite\DataLayer\Lang\DataLayer_ger.NLR MOD - [2007.02.23 10:22:50 | 000,552,960 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.11 14:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:52:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.11 14:52:27 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.10.11 14:52:26 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2011.10.11 14:52:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV - [2011.10.11 14:52:55 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:52:55 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.11 14:52:53 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2011.10.11 14:52:53 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.09.12 06:01:15 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.05 09:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.06 13:22:26 | 000,168,576 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid) DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj) DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.12.18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4) DRV - [2002.09.03 19:31:12 | 000,019,296 | ---- | M] (Minolta Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_C.SYS -- (MLPTDR_C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dict.leo.org/ IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.08.08 18:42:41 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.04.27 16:07:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [S60TrayApplication] C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe () O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE64C0-691D-4DB2-B089-840E422C0194}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4261174-F54D-4EFC-90D8-D987931A9D54}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.15 09:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.10.15 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Avira [2011.10.15 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.15 09:35:27 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.15 09:35:27 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.10.15 09:35:27 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.10.15 09:35:27 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.15 09:35:27 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.15 09:35:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.10.15 09:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.15 09:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.10.10 22:01:13 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\SUPERAntiSpyware.com [2011.10.10 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.10.10 22:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.10.10 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.10.10 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.10.10 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.10.10 21:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.10.10 18:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.10 18:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.10.09 18:41:47 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Malwarebytes [2011.10.09 18:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.09 18:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.09 18:41:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.10.09 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.10.09 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey-Pro [2011.10.09 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Warecentral [2010.10.15 10:11:22 | 001,668,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NM30.EXE ========== Files - Modified Within 30 Days ========== [2011.10.15 10:56:44 | 000,002,591 | ---- | M] () -- C:\Users\Reinhard\Desktop\Microsoft Office Word 2007.lnk [2011.10.15 10:39:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.15 09:55:29 | 000,704,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.15 09:55:29 | 000,650,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.15 09:55:29 | 000,156,174 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.15 09:55:29 | 000,127,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.15 09:40:51 | 000,221,936 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.10.15 09:40:51 | 000,221,936 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.10.15 09:40:21 | 000,002,429 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk [2011.10.15 09:40:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.10.15 09:40:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.15 09:40:00 | 000,004,784 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.15 09:40:00 | 000,004,784 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.15 09:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.15 09:39:27 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2011.10.15 09:38:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.10.15 09:36:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.11 14:52:55 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.11 14:52:55 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.11 14:52:53 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.10.11 14:52:53 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.10.10 22:00:47 | 000,001,760 | ---- | M] () -- C:\Users\Reinhard\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.10 21:52:56 | 000,158,638 | ---- | M] () -- C:\Users\Reinhard\Documents\cc_20111010_215241.reg [2011.10.10 21:14:17 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.10 21:10:40 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.10.10 18:07:15 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.10 17:35:38 | 000,031,909 | ---- | M] () -- C:\Users\Reinhard\Documents\85104-otl-otlogfile-oldtimer.htm [2011.10.09 17:24:25 | 000,261,850 | ---- | M] () -- C:\Users\Reinhard\Documents\Schienennetzplan_69_03_2011.pdf ========== Files Created - No Company Name ========== [2011.10.15 09:36:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.10 22:00:47 | 000,001,760 | ---- | C] () -- C:\Users\Reinhard\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.10 21:52:47 | 000,158,638 | ---- | C] () -- C:\Users\Reinhard\Documents\cc_20111010_215241.reg [2011.10.10 21:14:17 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.10 21:14:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.10.10 21:10:40 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.10.10 18:07:15 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.10 17:35:56 | 000,031,909 | ---- | C] () -- C:\Users\Reinhard\Documents\85104-otl-otlogfile-oldtimer.htm [2011.10.09 17:24:28 | 000,261,850 | ---- | C] () -- C:\Users\Reinhard\Documents\Schienennetzplan_69_03_2011.pdf [2011.10.09 17:17:22 | 000,002,429 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk [2011.07.17 11:25:44 | 000,004,479 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.07.17 11:25:25 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011.04.28 15:58:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.28 15:57:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.27 16:03:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.04.27 16:03:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.04.27 16:03:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.04.27 16:03:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.04.27 16:03:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.10.15 09:26:41 | 000,024,206 | ---- | C] () -- C:\Users\Reinhard\AppData\Roaming\UserTile.png [2010.03.01 22:30:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.10.11 17:46:55 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\VendorCmdRW.dll [2009.10.11 17:46:39 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll [2009.05.15 20:59:09 | 000,017,408 | ---- | C] () -- C:\Users\Reinhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.11 17:44:53 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.03.22 12:55:16 | 000,000,617 | ---- | C] () -- C:\Windows\Emu48.ini [2008.11.10 01:46:04 | 000,221,936 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.11.10 01:45:59 | 000,221,936 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.12 21:41:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.09.12 06:03:48 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.09.12 06:03:25 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.09.12 06:03:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.09.12 06:03:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.09.12 05:56:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.09.12 05:56:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.09.12 05:54:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.09.11 17:12:00 | 000,704,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.09.11 17:12:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.09.11 17:12:00 | 000,156,174 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.09.11 17:12:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.09.11 17:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,377,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,650,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,127,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.10.10 14:09:52 | 000,022,040 | ---- | C] () -- C:\Windows\MSTMON_C.INI [2002.09.03 21:38:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MCMM___C.DLL [2002.09.03 17:38:02 | 000,010,242 | ---- | C] () -- C:\Windows\MSUMLT_C.INI [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.09.27 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Canon [2011.08.04 09:54:46 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Datalayer [2009.07.25 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\PC Suite [2010.10.15 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\PeerNetworking [2011.08.04 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Samsung [2009.05.11 17:44:45 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\ScanSoft [2010.09.20 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\SQLyog [2011.08.08 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\T-Mobile [2011.10.09 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\T-Mobile Internet Manager [2011.10.15 09:38:43 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:A5B56640 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:06A7F9ED < End of report > und die Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.10.2011 10:58:59 - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Reinhard\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,91% Memory free
6,20 Gb Paging File | 4,43 Gb Available in Paging File | 71,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,09 Gb Total Space | 49,94 Gb Free Space | 49,89% Space Free | Partition Type: NTFS
Drive D: | 188,00 Gb Total Space | 148,15 Gb Free Space | 78,80% Space Free | Partition Type: NTFS
Drive F: | 7,66 Gb Total Space | 7,58 Gb Free Space | 98,97% Space Free | Partition Type: FAT32
Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,53% Space Free | Partition Type: FAT
Computer Name: REINHARD-PC | User Name: Reinhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F4CFD2-E1DA-4321-8E38-E5A1C15B688F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{07429F46-517D-4558-BB77-2102DF0AC4A6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{12A22832-A60C-4D40-9B79-7CE446D414C3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{13F24517-A679-480A-8281-4B94C8CFCC92}" = rport=139 | protocol=6 | dir=out | app=system |
"{14315AEE-9EDC-4179-AE23-992AEE7822A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{14342C58-2D7D-4B98-9EE1-8BDFE096B036}" = rport=5358 | protocol=6 | dir=out | app=system |
"{17F32EB5-47EB-4A25-BC68-F53A0100A974}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1901E616-DDFA-4B10-8BDD-3AED50F3E06F}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{2043F52E-C031-4B7D-9B7D-EBBC90302A4C}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{209EA8D2-253E-4B80-ADD4-0A5014455AD2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{23E84EB8-EA38-4083-95F1-CD4453F9A02B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{306F8DD5-045C-4967-8594-A703435FA82E}" = rport=138 | protocol=17 | dir=out | app=system |
"{43810252-DADC-485B-8827-E130BAE3733B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{44A5D88A-21D7-4363-8AD4-FBDAE64E6ED0}" = lport=445 | protocol=6 | dir=in | app=system |
"{45472588-FAC0-47CB-AFD9-63D6BB69FAFD}" = lport=137 | protocol=17 | dir=in | app=system |
"{45491F36-811B-466A-A44D-4CFD2F792F23}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{484B02A4-7099-490F-A89D-F631DAAC5B96}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4A7D91CE-11C1-4456-BD92-2D38DF8050DB}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4BF367EB-4124-465C-8DB0-7DE190A817D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4D3C5B61-FB12-4C5A-826A-1B89894ADB02}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{4D62F391-020D-4945-8669-C3C5B55696B9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{68EDB7CD-9198-4827-82CC-43C13D1607AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D0970F8-EF4B-497A-B36E-B3DCAC03A14B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7282780A-3655-40D1-AA88-6F97B2EBDC66}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{7ADC6558-348E-431A-91C8-CBCD109AB739}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8AB16911-0D7B-41C8-977D-44BC5C4BE206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B016B59-AE6A-4DD9-AE33-2BDB635F60FB}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8CA2B3BF-01CF-4182-BDF1-89A96DA9BB0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EEA17F3-031A-48A3-9803-0AB37234ED96}" = rport=5357 | protocol=6 | dir=out | app=system |
"{8F0C27DC-B7FB-4E4C-A93D-B81AE62C55C1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A134E267-D1DC-4A49-9EF6-62F63F0A248A}" = lport=5358 | protocol=6 | dir=in | app=system |
"{C078CEAB-9E2C-4AA7-BF39-41191040A91F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CD97FB65-BE4A-4E4F-8670-A5511B9A207D}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF35A2C2-F78B-4BD9-B318-DD07F89D9ADB}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFD72D7D-8E3A-4845-B3FF-C8D14BA5D255}" = lport=5357 | protocol=6 | dir=in | app=system |
"{E248DC6D-01A3-4C13-8C37-CD4673FB0046}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E5E99007-82B8-4FF4-87BA-352B2CAA4D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAA3D75C-C09B-4919-B619-49A17907D068}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EFC56220-B481-4260-88A3-AD02CA29754B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03187831-040B-44A4-9736-02C38C1175DD}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{06616141-AD25-4946-8AD7-22D796ED55F7}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{105FFEB6-74D9-4253-A6E8-EC096D00EE03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1F1EE647-BE75-41B0-9974-24C120279376}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{342C74D2-36AE-455E-8FD9-C95AAD9757C2}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{3BF2DFFC-1A48-4DDC-A610-170290D25E3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4330FEF9-005E-4ADA-AED6-9E051E805897}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{4D30629D-C6F5-47DC-8884-18EAF7FF2FDD}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{50143D51-CA3A-48A4-909D-B14410CDD2E6}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{5438BF79-A844-42C8-939B-645940C7F66D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{5BE67C95-876A-4186-8A53-97723EF0EBA1}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{5E163527-D76A-4529-BC27-9474CF23F98D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C0E090D-EE3D-48FF-A7D5-1391FFAA64B7}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6C83C152-E86F-416B-A6D9-AFF1EBAFE1F5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7C3BA603-D923-4D24-B17E-7A67B5501C91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{830E78B9-B9CD-4D48-8BFD-CE3F8FA024F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{849076A7-8A1B-4429-BA29-B29387A77092}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{AD7B7FCA-4E93-47AF-A265-9F2049E21129}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B0E7BF0A-24B4-4C0A-8DD8-E0F6648C7A3C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CA5CDCDB-FD58-4D93-971C-3C95AE247306}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{D9B572E9-452B-4917-B48D-8652376E6B01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F04FB8FC-F1BD-4B04-8917-99E54A2B47BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0384A7C1-0456-4656-8CE1-A258744A1B4B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{14A71445-7880-40EE-B82A-8CD05C450833}C:\program files\netmeeting\conf.exe" = protocol=6 | dir=in | app=c:\program files\netmeeting\conf.exe |
"TCP Query User{3D276480-86C2-4782-93AC-7DB73206E0B3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{36026129-07A6-4219-813D-EF35855716C2}C:\program files\netmeeting\conf.exe" = protocol=17 | dir=in | app=c:\program files\netmeeting\conf.exe |
"UDP Query User{525DD375-282A-4C07-AF19-A23163D1EE0E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B3E18432-1B7C-481F-A5D8-3DCD48EB0FC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FD5F102-362D-45A9-9173-D83189FFE1DA}" = MySQL Server 5.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412AACB5-057F-465D-A542-A5A457106EE3}" = Driver Setup
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5EFA4EA3-0604-458C-A06D-485F6B2724C9}" = PrintKey-Pro v1.05
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.5.0)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C99A1F39-7A23-4BC9-BF0D-B41D4013CF37}" = Samsung PC Studio 7
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E46DA48B-B621-4D42-8E70-7D64E365F3D2}" = FreeRIP Toolbar v4.5
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MP520 series Benutzerregistrierung" = Canon MP520 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"DScaler 4.1.15_is1" = DScaler 4.1.15
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emu48" = Emu48
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FFDia_is1" = FFDia 1.00
"FixFoto MultiProzessor_is1" = FixFoto 2.91
"Google Chrome" = Google Chrome
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MINOLTA-QMS PagePro 1200W" = MINOLTA-QMS PagePro 1200W
"MonochromiX_is1" = MonochromiX 1.31 MultiProzessor
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NetMeeting" = NetMeeting 3.01
"NVIDIA Drivers" = NVIDIA Drivers
"PrintKey2000" = PrintKey2000
"ProInst" = Intel PROSet Wireless
"SQLyog Community" = SQLyog Community 8.12
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Internet Manager" = T-Mobile Internet Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.08.2011 12:43:19 | Computer Name = Reinhard-PC | Source = System Restore | ID = 8193
Description =
Error - 08.08.2011 12:51:55 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.08.2011 12:51:58 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 08.08.2011 12:51:58 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
Error - 11.08.2011 09:49:12 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 11.08.2011 09:49:12 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
Error - 11.08.2011 09:49:41 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2011 21:27:03 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2011 21:27:07 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 11.08.2011 21:27:07 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
[ OSession Events ]
Error - 17.06.2011 21:21:03 | Computer Name = Reinhard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27858
seconds with 420 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.07.2009 13:09:08 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2009 04:55:01 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 31.07.2009 04:55:17 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.07.2009 04:56:23 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2009 05:07:32 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 31.07.2009 05:08:06 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.07.2009 05:08:22 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.08.2009 15:44:51 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 01.08.2009 15:45:08 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 01.08.2009 15:46:01 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Bei der Benutzung des Rechners ist mir derzeit nichts ungewöhnliches aufgefallen. Muss ich noch was tun? Viele Grüße Reinhard |
|
16.10.2011, 04:57
| #2 |
| /// Helfer-Team    | Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr 1.
__________________Fixen mit OTL
Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.10.15 10:39:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.15 09:40:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Commands
[purity]
[emptytemp]
2. erneut einen Scan mit OTL:
__________________ |
|
16.10.2011, 12:20
| #3 |
| | Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr Hallo,
__________________hier die TXT von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E634228A-03CF-4BC8-B0AB-668257F1FD8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Reinhard
->Temp folder emptied: 4798260 bytes
->Temporary Internet Files folder emptied: 350563782 bytes
->Flash cache emptied: 794 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9255708 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 348,00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 10162011_131124
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.10.2011 13:21:48 - Run 6 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Reinhard\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free 6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,09 Gb Total Space | 49,08 Gb Free Space | 49,04% Space Free | Partition Type: NTFS Drive D: | 188,00 Gb Total Space | 148,14 Gb Free Space | 78,80% Space Free | Partition Type: NTFS Drive F: | 7,66 Gb Total Space | 7,58 Gb Free Space | 98,97% Space Free | Partition Type: FAT32 Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,53% Space Free | Partition Type: FAT Computer Name: REINHARD-PC | User Name: Reinhard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.15 12:03:01 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe PRC - [2011.10.11 14:52:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:52:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.10.11 14:52:27 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.10.11 14:52:26 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2011.10.11 14:52:26 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:52:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.10 17:36:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Reinhard\Downloads\OTL.exe PRC - [2011.09.14 21:04:59 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.30 10:27:50 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Reinhard\AppData\Roaming\T-Mobile Internet Manager\ouc.exe PRC - [2009.04.10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.09.19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008.06.03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.23 09:02:48 | 002,146,840 | ---- | M] (WareCentral.com) -- C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe PRC - [2008.01.21 04:25:26 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2007.03.14 16:47:00 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe PRC - [2007.02.22 16:04:44 | 000,851,968 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2011.10.16 13:18:34 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2011.10.16 13:18:34 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011.10.10 22:01:18 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011.10.10 22:01:18 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe MOD - [2007.03.14 16:47:00 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe MOD - [2007.03.13 09:35:00 | 000,569,344 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll MOD - [2007.03.04 22:45:08 | 000,028,160 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ger.NLR MOD - [2007.03.04 22:31:10 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\PCSuite\DataLayer\Lang\DataLayer_ger.NLR MOD - [2007.02.23 10:22:50 | 000,552,960 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.11 14:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:52:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.11 14:52:27 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.10.11 14:52:26 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2011.10.11 14:52:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV - [2011.10.11 14:52:55 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:52:55 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.11 14:52:53 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2011.10.11 14:52:53 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.09.12 06:01:15 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.05 09:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.06 13:22:26 | 000,168,576 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid) DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj) DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.12.18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4) DRV - [2002.09.03 19:31:12 | 000,019,296 | ---- | M] (Minolta Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_C.SYS -- (MLPTDR_C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dict.leo.org/ IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.08.08 18:42:41 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.04.27 16:07:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [S60TrayApplication] C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe () O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE64C0-691D-4DB2-B089-840E422C0194}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4261174-F54D-4EFC-90D8-D987931A9D54}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.16 13:11:24 | 000,000,000 | ---D | C] -- C:\_OTL [2011.10.15 21:16:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.10.15 21:15:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.10.15 21:15:07 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.10.15 21:15:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.10.15 21:15:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.10.15 21:15:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.10.15 09:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.10.15 09:53:03 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.10.15 09:52:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.10.15 09:52:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.10.15 09:52:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011.10.15 09:52:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.10.15 09:52:42 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011.10.15 09:52:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011.10.15 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Avira [2011.10.15 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.15 09:35:27 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.15 09:35:27 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.10.15 09:35:27 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.10.15 09:35:27 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.15 09:35:27 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.15 09:35:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.10.15 09:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.15 09:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.10.10 22:01:13 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\SUPERAntiSpyware.com [2011.10.10 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.10.10 22:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.10.10 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.10.10 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.10.10 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.10.10 21:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.10.10 18:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.10 18:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.10.09 18:41:47 | 000,000,000 | ---D | C] -- C:\Users\Reinhard\AppData\Roaming\Malwarebytes [2011.10.09 18:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.09 18:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.09 18:41:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.10.09 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.10.09 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey-Pro [2011.10.09 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Warecentral [2010.10.15 10:11:22 | 001,668,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NM30.EXE ========== Files - Modified Within 30 Days ========== [2011.10.16 13:23:09 | 000,704,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.16 13:23:09 | 000,650,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.16 13:23:09 | 000,156,174 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.16 13:23:09 | 000,127,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.16 13:18:11 | 000,221,936 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.10.16 13:15:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.10.16 13:15:42 | 000,004,784 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.16 13:15:42 | 000,004,784 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.16 13:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.16 13:14:19 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2011.10.16 13:13:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.10.16 12:59:31 | 000,377,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.10.15 15:40:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.10.15 12:03:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.10.15 11:54:54 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.10.15 10:56:44 | 000,002,591 | ---- | M] () -- C:\Users\Reinhard\Desktop\Microsoft Office Word 2007.lnk [2011.10.15 09:40:51 | 000,221,936 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.10.15 09:40:21 | 000,002,429 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk [2011.10.15 09:36:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.11 14:52:55 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.11 14:52:55 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.11 14:52:53 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.10.11 14:52:53 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.10.10 22:00:47 | 000,001,760 | ---- | M] () -- C:\Users\Reinhard\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.10 21:52:56 | 000,158,638 | ---- | M] () -- C:\Users\Reinhard\Documents\cc_20111010_215241.reg [2011.10.10 21:14:17 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.10 18:07:15 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.10 17:35:38 | 000,031,909 | ---- | M] () -- C:\Users\Reinhard\Documents\85104-otl-otlogfile-oldtimer.htm [2011.10.09 17:24:25 | 000,261,850 | ---- | M] () -- C:\Users\Reinhard\Documents\Schienennetzplan_69_03_2011.pdf ========== Files Created - No Company Name ========== [2011.10.15 11:54:54 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.10.15 09:36:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.10 22:00:47 | 000,001,760 | ---- | C] () -- C:\Users\Reinhard\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.10 21:52:47 | 000,158,638 | ---- | C] () -- C:\Users\Reinhard\Documents\cc_20111010_215241.reg [2011.10.10 21:14:17 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.10 21:14:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.10.10 21:10:40 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.10.10 18:07:15 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.10 17:35:56 | 000,031,909 | ---- | C] () -- C:\Users\Reinhard\Documents\85104-otl-otlogfile-oldtimer.htm [2011.10.09 17:24:28 | 000,261,850 | ---- | C] () -- C:\Users\Reinhard\Documents\Schienennetzplan_69_03_2011.pdf [2011.10.09 17:17:22 | 000,002,429 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk [2011.07.17 11:25:44 | 000,004,479 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.07.17 11:25:25 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011.04.28 15:58:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.28 15:57:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.27 16:03:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.04.27 16:03:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.04.27 16:03:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.04.27 16:03:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.04.27 16:03:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.10.15 09:26:41 | 000,024,206 | ---- | C] () -- C:\Users\Reinhard\AppData\Roaming\UserTile.png [2010.03.01 22:30:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.10.11 17:46:55 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\VendorCmdRW.dll [2009.10.11 17:46:39 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll [2009.05.15 20:59:09 | 000,017,408 | ---- | C] () -- C:\Users\Reinhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.11 17:44:53 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.03.22 12:55:16 | 000,000,617 | ---- | C] () -- C:\Windows\Emu48.ini [2008.11.10 01:46:04 | 000,221,936 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.11.10 01:45:59 | 000,221,936 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.12 21:41:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.09.12 06:03:48 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.09.12 06:03:25 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.09.12 06:03:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.09.12 06:03:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.09.12 05:56:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.09.12 05:56:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.09.12 05:54:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.09.11 17:12:00 | 000,704,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.09.11 17:12:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.09.11 17:12:00 | 000,156,174 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.09.11 17:12:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.09.11 17:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,377,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,650,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,127,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.10.10 14:09:52 | 000,022,040 | ---- | C] () -- C:\Windows\MSTMON_C.INI [2002.09.03 21:38:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MCMM___C.DLL [2002.09.03 17:38:02 | 000,010,242 | ---- | C] () -- C:\Windows\MSUMLT_C.INI [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.09.27 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Canon [2011.08.04 09:54:46 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Datalayer [2009.07.25 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\PC Suite [2010.10.15 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\PeerNetworking [2011.08.04 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\Samsung [2009.05.11 17:44:45 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\ScanSoft [2010.09.20 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\SQLyog [2011.08.08 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\T-Mobile [2011.10.09 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Reinhard\AppData\Roaming\T-Mobile Internet Manager [2011.10.16 13:13:31 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:A5B56640 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:06A7F9ED < End of report > [/code] und die Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.10.2011 13:21:48 - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Reinhard\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,71% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,09 Gb Total Space | 49,08 Gb Free Space | 49,04% Space Free | Partition Type: NTFS
Drive D: | 188,00 Gb Total Space | 148,14 Gb Free Space | 78,80% Space Free | Partition Type: NTFS
Drive F: | 7,66 Gb Total Space | 7,58 Gb Free Space | 98,97% Space Free | Partition Type: FAT32
Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,53% Space Free | Partition Type: FAT
Computer Name: REINHARD-PC | User Name: Reinhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F4CFD2-E1DA-4321-8E38-E5A1C15B688F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{07429F46-517D-4558-BB77-2102DF0AC4A6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{12A22832-A60C-4D40-9B79-7CE446D414C3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{13F24517-A679-480A-8281-4B94C8CFCC92}" = rport=139 | protocol=6 | dir=out | app=system |
"{14315AEE-9EDC-4179-AE23-992AEE7822A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{14342C58-2D7D-4B98-9EE1-8BDFE096B036}" = rport=5358 | protocol=6 | dir=out | app=system |
"{17F32EB5-47EB-4A25-BC68-F53A0100A974}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1901E616-DDFA-4B10-8BDD-3AED50F3E06F}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{2043F52E-C031-4B7D-9B7D-EBBC90302A4C}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{209EA8D2-253E-4B80-ADD4-0A5014455AD2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{23E84EB8-EA38-4083-95F1-CD4453F9A02B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{306F8DD5-045C-4967-8594-A703435FA82E}" = rport=138 | protocol=17 | dir=out | app=system |
"{43810252-DADC-485B-8827-E130BAE3733B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{44A5D88A-21D7-4363-8AD4-FBDAE64E6ED0}" = lport=445 | protocol=6 | dir=in | app=system |
"{45472588-FAC0-47CB-AFD9-63D6BB69FAFD}" = lport=137 | protocol=17 | dir=in | app=system |
"{45491F36-811B-466A-A44D-4CFD2F792F23}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{484B02A4-7099-490F-A89D-F631DAAC5B96}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4A7D91CE-11C1-4456-BD92-2D38DF8050DB}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4BF367EB-4124-465C-8DB0-7DE190A817D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4D3C5B61-FB12-4C5A-826A-1B89894ADB02}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{4D62F391-020D-4945-8669-C3C5B55696B9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{68EDB7CD-9198-4827-82CC-43C13D1607AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D0970F8-EF4B-497A-B36E-B3DCAC03A14B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7282780A-3655-40D1-AA88-6F97B2EBDC66}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{7ADC6558-348E-431A-91C8-CBCD109AB739}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8AB16911-0D7B-41C8-977D-44BC5C4BE206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B016B59-AE6A-4DD9-AE33-2BDB635F60FB}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8CA2B3BF-01CF-4182-BDF1-89A96DA9BB0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EEA17F3-031A-48A3-9803-0AB37234ED96}" = rport=5357 | protocol=6 | dir=out | app=system |
"{8F0C27DC-B7FB-4E4C-A93D-B81AE62C55C1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A134E267-D1DC-4A49-9EF6-62F63F0A248A}" = lport=5358 | protocol=6 | dir=in | app=system |
"{C078CEAB-9E2C-4AA7-BF39-41191040A91F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CD97FB65-BE4A-4E4F-8670-A5511B9A207D}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF35A2C2-F78B-4BD9-B318-DD07F89D9ADB}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFD72D7D-8E3A-4845-B3FF-C8D14BA5D255}" = lport=5357 | protocol=6 | dir=in | app=system |
"{E248DC6D-01A3-4C13-8C37-CD4673FB0046}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E5E99007-82B8-4FF4-87BA-352B2CAA4D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAA3D75C-C09B-4919-B619-49A17907D068}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EFC56220-B481-4260-88A3-AD02CA29754B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03187831-040B-44A4-9736-02C38C1175DD}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{06616141-AD25-4946-8AD7-22D796ED55F7}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{105FFEB6-74D9-4253-A6E8-EC096D00EE03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1F1EE647-BE75-41B0-9974-24C120279376}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{342C74D2-36AE-455E-8FD9-C95AAD9757C2}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{3BF2DFFC-1A48-4DDC-A610-170290D25E3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4330FEF9-005E-4ADA-AED6-9E051E805897}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{4D30629D-C6F5-47DC-8884-18EAF7FF2FDD}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{50143D51-CA3A-48A4-909D-B14410CDD2E6}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{5438BF79-A844-42C8-939B-645940C7F66D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{5BE67C95-876A-4186-8A53-97723EF0EBA1}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{5E163527-D76A-4529-BC27-9474CF23F98D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C0E090D-EE3D-48FF-A7D5-1391FFAA64B7}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6C83C152-E86F-416B-A6D9-AFF1EBAFE1F5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7C3BA603-D923-4D24-B17E-7A67B5501C91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{830E78B9-B9CD-4D48-8BFD-CE3F8FA024F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{849076A7-8A1B-4429-BA29-B29387A77092}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{AD7B7FCA-4E93-47AF-A265-9F2049E21129}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B0E7BF0A-24B4-4C0A-8DD8-E0F6648C7A3C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CA5CDCDB-FD58-4D93-971C-3C95AE247306}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{D9B572E9-452B-4917-B48D-8652376E6B01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F04FB8FC-F1BD-4B04-8917-99E54A2B47BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0384A7C1-0456-4656-8CE1-A258744A1B4B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{14A71445-7880-40EE-B82A-8CD05C450833}C:\program files\netmeeting\conf.exe" = protocol=6 | dir=in | app=c:\program files\netmeeting\conf.exe |
"TCP Query User{3D276480-86C2-4782-93AC-7DB73206E0B3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{36026129-07A6-4219-813D-EF35855716C2}C:\program files\netmeeting\conf.exe" = protocol=17 | dir=in | app=c:\program files\netmeeting\conf.exe |
"UDP Query User{525DD375-282A-4C07-AF19-A23163D1EE0E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B3E18432-1B7C-481F-A5D8-3DCD48EB0FC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FD5F102-362D-45A9-9173-D83189FFE1DA}" = MySQL Server 5.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412AACB5-057F-465D-A542-A5A457106EE3}" = Driver Setup
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5EFA4EA3-0604-458C-A06D-485F6B2724C9}" = PrintKey-Pro v1.05
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.5.0)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C99A1F39-7A23-4BC9-BF0D-B41D4013CF37}" = Samsung PC Studio 7
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E46DA48B-B621-4D42-8E70-7D64E365F3D2}" = FreeRIP Toolbar v4.5
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MP520 series Benutzerregistrierung" = Canon MP520 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"DScaler 4.1.15_is1" = DScaler 4.1.15
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emu48" = Emu48
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FFDia_is1" = FFDia 1.00
"FixFoto MultiProzessor_is1" = FixFoto 2.91
"Google Chrome" = Google Chrome
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MINOLTA-QMS PagePro 1200W" = MINOLTA-QMS PagePro 1200W
"MonochromiX_is1" = MonochromiX 1.31 MultiProzessor
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NetMeeting" = NetMeeting 3.01
"NVIDIA Drivers" = NVIDIA Drivers
"PrintKey2000" = PrintKey2000
"ProInst" = Intel PROSet Wireless
"SQLyog Community" = SQLyog Community 8.12
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Internet Manager" = T-Mobile Internet Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.08.2011 16:27:25 | Computer Name = Reinhard-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel
0x4c8e2d72, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0xd86102c7, Prozess-ID 0x156c, Anwendungsstartzeit
01cc5c0c6203d110.
Error - 19.08.2011 07:27:18 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.08.2011 07:27:18 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 19.08.2011 07:27:18 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
Error - 20.08.2011 11:38:18 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 20.08.2011 11:38:18 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
Error - 20.08.2011 11:39:36 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.08.2011 12:56:13 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at hxxp://www.mysql.com.
Error - 20.08.2011 12:56:13 | Computer Name = Reinhard-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
Error - 20.08.2011 12:57:29 | Computer Name = Reinhard-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 17.06.2011 21:21:03 | Computer Name = Reinhard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27858
seconds with 420 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.07.2009 13:09:08 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2009 04:55:01 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 31.07.2009 04:55:17 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.07.2009 04:56:23 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2009 05:07:32 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 31.07.2009 05:08:06 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 31.07.2009 05:08:22 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.08.2009 15:44:51 | Computer Name = Reinhard-PC | Source = HTTP | ID = 15016
Description =
Error - 01.08.2009 15:45:08 | Computer Name = Reinhard-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 01.08.2009 15:46:01 | Computer Name = Reinhard-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
[/code] viele Grüße Reinhard Geändert von reischa (16.10.2011 um 12:30 Uhr) |
|
17.10.2011, 05:44
| #4 | |
| /// Helfer-Team | Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner -> Zeitweise laufen lassen:-> Anleitung Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. reinige dein System mit Ccleaner:
4. wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes: Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung 4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) Lesestoff Nr.1:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
 Wenn Du uns unterstützen möchtest→ Spendekonto
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr |
| acrobat, ahnung, anti-malware, auffindbar, bösartige, dateien, disabletaskmgr, explorer, funktioniert, funktioniert nicht, funktioniert nicht mehr, laufen, logfile, microsoft, minute, msiexec.exe, nicht mehr, nt.dll, plötzlich, reader, recycle.bin, sched.exe, schei, service, software, system, taskmanager, troja, trojan.spyeyes, trojaner, value, version, verweise, virus gefunden |
.
) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen. 
Hybrid-Darstellung
