| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.01.2012, 21:01
| #1 |
 |  Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo, nun hat es den Laptop (Windows Vista) meiner Frau auch erwischt, bei aktiver Internetverbindung erscheint der Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" mit der Aufforderung, eine kostenpflichtige Antivirensoftware herunterzuladen. Ohne Netzwerkverbindung läuft der Laptop. Die Tools habe ich mit meinem Rechner runtergeladen und per USB-Stick übertragen, die Logfiles nahmen den gleichen Weg zurück. Was ich bis jetzt gemacht habe: Defogger gestartet und Disable geklickt. Keine Fehlermeldung und keine Neustart erforderlich. OTL gestartet hier die Logfiles: OTL.txt Code:
ATTFilter OTL logfile created on: 11.01.2012 19:26:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free 4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.11 19:07:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe PRC - [2011.11.23 08:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2011.09.20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.26 19:35:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2008.10.21 11:36:28 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe PRC - [2008.10.07 13:31:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe PRC - [2008.09.18 19:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.23 09:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2011.11.23 08:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2011.11.23 08:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2011.11.23 08:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2011.11.23 08:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2011.11.23 08:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2011.11.23 08:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2011.11.23 08:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2011.11.23 08:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2011.11.23 08:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2011.11.23 08:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2011.11.23 08:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2011.11.23 08:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ========== Win32 Services (SafeList) ========== SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 10:20:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 10:20:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.28 17:48:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.28 17:48:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 11:40:46 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2008.09.29 14:59:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008.07.28 15:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] [2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions [2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged [2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE () (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma [2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation [2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc [2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.11 19:24:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.11 19:24:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.11 19:24:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.11 19:24:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job [2012.01.11 19:21:27 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.11 19:20:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.11 19:19:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.11 19:19:34 | 2414,067,712 | -HS- | M] () -- C:\hiberfil.sys [2012.01.01 22:16:34 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.01 16:52:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:19:34 | 2414,067,712 | -HS- | C] () -- C:\hiberfil.sys [2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh [2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited [2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ [2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin [2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar [2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird [2012.01.01 17:24:27 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2012 19:26:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free
4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system |
"{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ankh" = Ankh
"Ankh3" = Ankh3
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CodInstl" = Intel A/V Codecs V2.0
"Curse - The Eye of Isis" = Curse - The Eye of Isis
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"Holly im Wunderland" = Holly im Wunderland
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PirateVille" = PirateVille
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"So Blonde" = So Blonde
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2011 09:39:49 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.12.2011 09:40:57 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.12.2011 05:12:24 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 05:56:37 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 01.01.2012 17:16:44 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2012 14:13:43 | Computer Name = Martina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.01.2012 um 22:18:02 unerwartet heruntergefahren.
Error - 11.01.2012 14:14:08 | Computer Name = Martina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 11.01.2012 14:14:10 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:17 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:22 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:27 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.01.2012 14:21:10 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Der Scan brach nach einiger Zeit ab mit der Meldung: xxxxx.exe (gmer) funktioniert nicht mehr Das Programm wird aufgrund eines Porblems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist. Programm schließen Ein Logfile wurde nicht erstellt. Bis zum Abbruch waren bereits einige Meldungen, die ich aber leider nicht abgeschrieben habe, bevor ich das Fenster zugemacht habe. Ein zweiter Versuch im abgesicherten Modus endete sofort mit der gleichen Fehlermeldung, gmer ließ sich gar nicht starten. 3. Versuch, neuer Download (und damit neuer Dateiname), jetzt sofort im abgesicherten Modus ausgeführt Scan startet, bricht aber nach kurzer Zeit mit der gleichen Fehlermeldung ab. Keine weiteren Meldungen. Ich hoffe, ihr könnt mir helfen. Mfg Skraty |
| Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert |
| abbruch, autorun, avira, babylon, babylon toolbar, babylontoolbar, bho, bildschirm, blockiert, bonjour, curse, error, excel, firefox, flash player, format, home, install.exe, installation, intranet, metin2, microsoft office word, monkey island, mozilla thunderbird, object, plug-in, realtek, registry, rundll, scan, search the web, senden, software, svchost.exe, udp, usb 2.0, version=1.0, vista, windows, wurde ihr |
Baum-Darstellung