|
Log analysis and evaluation: Windows Security Center: Warning - PC locked! Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.02.2012, 19:43 | #1 |
| Windows Security Center: Warning - PC locked! Hello everyone, unfortunately I also have the same warning from the Windows Security Center as other users here. Please help me clean up my PC again. I have already had the two txt files created. Thanks in advance for your support. |
05.02.2012, 09:58 | #2 | |||||
/// Helper Team | Windows Security Center: Warning - PC locked! Hello and welcome!
Before we begin working together, [please read completely]: Quote:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! 1. Quote:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_5810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
[2012.01.11 14:20:41 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.02.01 23:04:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.01.11 14:18:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.15 10:16:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.26 20:18:30 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.05 07:29:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [vasja] C:\Users\***\AppData\Local\Temp\0.8343861309758063.exe (Orb Networks)
[2012.02.02 12:22:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:131C0EE9
:Commands
[purity]
[emptytemp]
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Uninstall: Quote:
4. Uninstall (if present) under Start → Control Panel → Software/Programs... Code:
Conduit Engine <- adware
DVDVideoSoft Toolbar <- unnecessary
SweetIM <- magnet for malware
Winload Community Toolbar <- adware-like behaviour
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs: Download the tool CCleaner → Download, install it (read the software license agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start it → Language → select Deutsch, then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern...", which creates a text file (*.txt); copy its contents and paste them in there.
6. Run another scan with OTL:
Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc. Regards, kira
__________________ |
05.02.2012, 15:10 | #3 |
| Windows Security Center: Warning - PC locked! Hello Kira,
first of all, thanks for your reply! Here are my files: 1. Fix with OTL Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\engine@conduit.com folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
Unable to fix default_search_provider items.
File C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
C:\Programme\Crawler\Toolbar\ctbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Nadia\AppData\Local\Temp\0.8343861309758063.exe moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\ProgramData\TEMP:814B9485 deleted successfully.
ADS C:\ProgramData\TEMP:3064D21D deleted successfully.
ADS C:\ProgramData\TEMP:ADE16379 deleted successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:DCAF903C deleted successfully.
ADS C:\ProgramData\TEMP:CE0A077E deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:8750DCE4 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nadia
->Temp folder emptied: 3993999939 bytes
->Temporary Internet Files folder emptied: 221386657 bytes
->Java cache emptied: 4349741 bytes
->FireFox cache emptied: 68862371 bytes
->Google Chrome cache emptied: 538606340 bytes
->Flash cache emptied: 3896467 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267793964 bytes
RecycleBin emptied: 3147300452 bytes

Total Files Cleaned = 7.864,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_125612

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware report Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.05.01

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Nadia :: NADIA-PC [Administrator]

05.02.2012 13:08:12
mbam-log-2012-02-05 (13-08-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331036
Laufzeit: 48 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\02052012_125612\C_Users\Nadia\AppData\Local\Temp\0.8343861309758063.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

In my list of installed programs you will still find the program "SweetIM for Messenger 3.0". When I try to uninstall the program, I keep getting the error message: "Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an Support um weitere Unterstützung zu erhalten." List of installed programs Code:
7-Zip 9.20 14.09.2011 3,54MB
Acer Backup Manager NewTech Infosystems 21.05.2009 234MB 1.0.0.53
Acer Crystal Eye webcam Ver:1.1.79.326 Chicony Electronics Co.,Ltd. 21.05.2009 1,30MB 1.1.79.326
Acer eRecovery Management Acer Incorporated 21.05.2009 11,7MB 4.00.3005
Acer GridVista Acer Inc. 21.05.2009 1,73MB 2.75.825
Acer PowerSmart Manager Acer Incorporated 21.05.2009 7,83MB 4.02.3006
Acer Product Registration Acer Incorporated 28.03.2010 5,92MB 3.0.0.10
Acer ScreenSaver Acer 21.05.2009
Acer VCM Acer Incorporated 21.05.2009 18,8MB 4.00.3006
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 30.03.2010 10.0.45.2
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 07.10.2011 11.0.1.152
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 07.04.2009 232MB 9.0.0
Apple Application Support Apple Inc. 15.06.2011 51,0MB 1.5.2
Apple Mobile Device Support Apple Inc. 15.06.2011 22,1MB 3.4.1.2
Apple Software Update Apple Inc. 15.06.2011 2,25MB 2.1.3.127
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 30.03.2009 4,05MB 1.0.0.18
ATI Catalyst Install Manager ATI Technologies, Inc. 21.05.2009 13,8MB 3.0.715.0
Avira AntiVir Personal - Free Antivirus Avira GmbH 16.10.2011 93,7MB 10.2.0.704
BlueJ 2.1.2 Deakin University 05.01.2011 5,51MB
Bonjour Apple Inc. 15.06.2011 1,12MB 2.0.5.0
Brother MFL-Pro Suite Brother Industries, Ltd. 29.04.2010 15,2MB 1.00
Canon Easy-PhotoPrint EX 24.08.2011 227MB
Canon Easy-WebPrint EX 24.08.2011 6,81MB
Canon IJ Network Scanner Selector EX 24.08.2011 8,20MB
Canon IJ Network Tool 24.08.2011 2,97MB
Canon Kurzwahlprogramm 24.08.2011 8,66MB
Canon MP Navigator EX 4.1 24.08.2011 75,3MB
Canon MX880 series Benutzerregistrierung 24.08.2011 2,31MB
Canon MX880 series MP Drivers 24.08.2011 379MB
Canon My Printer 24.08.2011 5,60MB
Canon Solution Menu EX 24.08.2011 12,7MB
CCleaner Piriform 04.02.2012 4,24MB 3.15
Compatibility Pack für 2007 Office System Microsoft Corporation 10.02.2011 39,9MB 12.0.6425.1000
eSobi v2 esobi Inc. 21.05.2009 22,9MB 2.0.3.000223
Firebird SQL Server - MAGIX Edition MAGIX AG 11.01.2011 10,1MB 2.1.23.0
GIMP 2.6.11 The GIMP Team 06.01.2011 111,1MB 2.6.11
Google Chrome Google Inc. 06.10.2010 123,3MB 16.0.912.77
Google Desktop Google 24.07.2010 61,7MB 5.9.1005.12335
Google Toolbar for Internet Explorer Google Inc. 13.01.2012 66,4MB 7.2.2427.2330
Hex-Editor MX NEXT-Soft 03.04.2010 0,64MB 6.0
Intel® Matrix Storage Manager Intel Corporation 21.05.2009 9,66MB
IrfanView (remove only) 25.04.2010 1,61MB
iTunes Apple Inc. 15.06.2011 144,0MB 10.3.1.55
J2SE Development Kit 5.0 Update 6 Sun Microsystems, Inc. 05.01.2011 284MB 1.5.0.60
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 05.01.2011 152,3MB 1.5.0.60
Java(TM) 6 Update 26 Sun Microsystems, Inc. 31.03.2010 94,5MB 6.0.260
Launch Manager Acer Inc. 21.05.2009 4,88MB 2.0.03
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 04.02.2012 11,5MB 1.60.1.1000
Medieval II Total War SEGA 19.11.2010 11.624MB 1.03.000
Medieval II Total War : Kingdoms : Americas SEGA 19.11.2010 1.209MB 1.03.000
Medieval II Total War : Kingdoms : Britannia SEGA 19.11.2010 914MB 1.03.000
Medieval II Total War : Kingdoms : Crusades SEGA 19.11.2010 1.107MB 1.03.000
Medieval II Total War : Kingdoms : Teutonic SEGA 19.11.2010 1.037MB 1.03.000
Meltho Version 1.20 Beth Mardutho Institute 10.12.2010 5,99MB 1.2.0.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 12.02.2011 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.10.2010 27,8MB
Microsoft Office Professional Edition 2003 Microsoft Corporation 12.02.2011 588MB 11.0.8173.0
Microsoft Office Suite Activation Assistant Microsoft Corporation 07.04.2009 8,37MB 2.9
Microsoft PowerPoint Viewer Microsoft Corporation 10.02.2011 148,6MB 14.0.4763.1000
Microsoft Research AutoCollage 2008 version 1.1 Microsoft Research 10.01.2011 7,44MB 1.01.2008
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.04.2009 1,74MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.02.2011 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.01.2012 0,33MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.07.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.01.2012 11,1MB 10.0.40219
Microsoft Works Microsoft Corporation 10.02.2011 378MB 9.7.0621
Mozilla Firefox 9.0.1 (x86 de) Mozilla 10.01.2012 38,3MB 9.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.04.2009 1,29MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.10.2010 1,34MB 4.20.9876.0
NTI Backup Now 5 NewTech Infosystems 07.04.2009 29,5MB 5.1.2.616
NTI Media Maker 8 NewTech Infosystems 07.04.2009 187,5MB 8.0.2.6509
Nvu 1.0 Thorsten Fritz 01.06.2010 22,0MB 1.0
OpenTTD 1.1.0-RC2 OpenTTD 06.03.2011 32,8MB 1.1.0-RC2
Optical Drive Power Management Acer Incorporated 21.05.2009 0,75MB 1.00.3006
Orion Convesoft 21.05.2009 15,0MB 2.5.0
PaperPort Image Printer Nuance Communications, Inc. 29.04.2010 0,38MB 1.00.0000
PC Draft P.E. Demo Microspot 26.03.2011 14,1MB 5.0.6
PDF24 Creator 3.0.0 PDF24.org 05.06.2011 39,4MB
PowerDVD CyberLink Corp. 21.05.2009 154,0MB 7.0.4028.0
PSPad editor Jan Fiala 14.09.2011 14,6MB
QuickTime Apple Inc. 15.06.2011 73,7MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.05.2009 11,6MB 6.0.1.5830
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 30.03.2009 6,61MB 6.0.6000.20113
SAMSUNG Mobile Modem Driver Set 23.04.2010
Samsung Mobile phone USB driver Software 23.04.2010
SAMSUNG Mobile USB Modem 1.0 Software 23.04.2010
SAMSUNG Mobile USB Modem Software 23.04.2010
Samsung PC Studio 3 Samsung Electronics Co., Ltd. 23.04.2010 131,0MB 3.2.1.71207
ScanSoft PaperPort 11 Nuance Communications, Inc. 29.04.2010 130,3MB 11.1.0000
Shape Collage Shape Collage Inc. 10.01.2011 0,76MB
SimCity™ Societies Reisewelten Electronic Arts 20.11.2010 953MB 1.0.0.1
Skype™ 5.6 Skype Technologies S.A. 18.01.2012 19,5MB 5.6.110
SweetIM for Messenger 3.0 SweetIM Technologies Ltd. 07.04.2010 3,89MB 3.0.0004
Synaptics Pointing Device Driver Synaptics Incorporated 21.05.2009 20,3MB 12.2.2.0
Uninstall 1.0.0.1 18.01.2011 28,6MB
Web Security Guard with Crawler Toolbar Crawler, LLC 01.02.2012 15,5MB
Windows Live Anmelde-Assistent Microsoft Corporation 29.03.2010 1,93MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 05.01.2011 150,3MB 14.0.8117.0416
Windows Live OneCare safety scanner Microsoft Corporation 14.04.2010 44,7MB
Windows Live Sync Microsoft Corporation 05.01.2011 2,79MB 14.0.8117.416
Windows Live-Uploadtool Microsoft Corporation 07.04.2009 0,22MB 14.0.8014.1029
WinRAR 08.01.2011 3,79MB
XAMPP 1.7.5 14.09.2011 394MB

OTL.txt OTL Logfile: Code:
OTL logfile created on: 05.02.2012 14:42:56 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nadia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 79,76% Memory free
6,00 Gb Paging File | 5,61 Gb Available in Paging File | 93,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 186,23 Gb Free Space | 64,59% Space Free | Partition Type: NTFS

Computer Name: NADIA-PC | User Name: Nadia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.02.02 16:45:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.11 23:10:08 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2008.03.30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2011.06.30 16:01:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.25 08:43:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========
DRV - [2011.06.30 16:01:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 16:01:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.06.22 03:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.01 20:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.19 08:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.03.19 06:33:14 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.03.19 06:18:28 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009.02.21 03:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.09.25 16:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.01.21 03:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008.01.21 03:23:27 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.07 21:39:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012.02.02 20:31:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 14:17:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 19:39:12 | 000,000,000 | ---D | M] [2010.03.29 20:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Extensions [2012.02.05 12:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions [2011.02.28 14:57:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.09 07:26:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.01.11 14:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.09 11:22:07 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: facemoods (Enabled) CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common 
Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O8 - Extra context menu item: Free YouTube Download - C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FAFB6D-C08D-4BF5-AC21-787996885DD4}: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5707BFAB-1C22-48D6-B5B8-E0846774E567}: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft 
shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.05 14:43:25 | 000,000,000 | ---D | C] -- 
C:\Users\Nadia\Desktop\OTL [2012.02.05 14:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.02.05 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.05 14:01:38 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.02.05 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Malwarebytes [2012.02.05 13:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.05 13:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.05 13:06:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.05 13:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.05 12:56:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012.02.02 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2012.02.02 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler [2012.02.02 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Local\Norman Malware Cleaner [2012.02.02 16:45:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe [2012.01.30 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Documents\AnyDVDHD [2012.01.30 18:51:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012.01.30 18:51:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2012.01.30 18:51:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2012.01.30 18:51:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2012.01.30 18:51:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2012.01.30 18:51:07 | 001,974,616 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2012.01.30 18:50:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012.01.30 18:49:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2012.01.30 18:49:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2012.01.30 18:48:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2012.01.30 18:39:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2012.01.30 18:39:13 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2012.01.30 17:57:30 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp [2012.01.30 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2012.01.30 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\Neuer Ordner (2) [2012.01.30 16:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2012.01.30 16:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2012.01.30 16:19:48 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\AnyDVD [2012.01.30 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Documents\DVDFab Passkey [2012.01.30 15:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab [2012.01.30 15:47:51 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\DVDFab [2012.01.19 19:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.01.19 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.01.19 19:02:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.01.12 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\Neuer Ordner [2009.05.22 16:58:35 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2012.02.05 14:39:05 | 000,000,808 | ---- | M] () -- 
C:\Users\Public\Desktop\CCleaner.lnk [2012.02.05 14:30:04 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.05 14:30:04 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.05 14:30:04 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.05 14:30:04 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.05 14:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.05 14:24:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 14:24:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 14:24:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.05 14:18:06 | 000,002,032 | ---- | M] () -- C:\Users\Nadia\AppData\Local\d3d9caps.dat [2012.02.05 13:06:36 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.02 23:03:55 | 000,464,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.02 16:45:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe [2012.02.02 12:01:20 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.01.30 21:50:04 | 000,049,152 | ---- | M] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.15 22:48:48 | 000,283,205 | ---- | M] () -- C:\Users\Nadia\Desktop\Web-Weiterbildung.pdf [2012.01.11 17:35:25 | 000,035,220 | ---- | M] () -- C:\Users\Nadia\Desktop\de.his.servlet.RequestDispatcherServlet.htm ========== Files Created - No Company Name ========== [2012.02.05 14:39:05 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.05 13:06:36 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.30 16:24:25 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib 
[2012.01.15 22:48:48 | 000,283,205 | ---- | C] () -- C:\Users\Nadia\Desktop\Web-Weiterbildung.pdf [2012.01.11 17:35:18 | 000,035,220 | ---- | C] () -- C:\Users\Nadia\Desktop\de.his.servlet.RequestDispatcherServlet.htm [2012.01.11 14:17:01 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.07.14 22:43:23 | 000,000,000 | ---- | C] () -- C:\Users\Nadia\AppData\Local\{02E6A710-921C-4DAE-BB0A-72BAAAA33C11} [2011.07.04 18:02:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.12 22:33:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.12.11 22:36:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.15 12:23:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.13 09:58:53 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI [2010.10.13 09:58:46 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini [2010.10.13 09:58:46 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini [2010.10.13 09:58:27 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI [2010.10.13 09:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI [2010.10.13 09:56:46 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.04.30 17:38:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.04.30 17:38:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.04.30 16:37:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2010.04.30 16:30:29 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2010.04.24 09:58:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.04.24 09:46:22 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.08 21:41:19 | 000,002,032 | ---- | C] () -- C:\Users\Nadia\AppData\Local\d3d9caps.dat [2010.03.29 20:37:52 | 000,049,152 | ---- | C] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.22 16:55:41 | 000,982,196 | 
---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.05.22 16:55:41 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.05.22 16:55:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.05.22 16:55:41 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.05.22 16:55:41 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.05.22 16:55:41 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.05.22 16:55:40 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.05.22 07:33:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.05.22 07:13:09 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2009.05.22 07:11:57 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.05.22 07:11:57 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.05.22 07:11:57 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.05.22 07:11:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.05.22 07:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.04.09 03:33:45 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.04.09 03:33:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.04.09 03:33:45 | 000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.04.09 03:33:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.04.08 17:59:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.04.08 17:59:33 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.01 01:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.04.01 01:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.04.01 01:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.04.01 01:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,464,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 19:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [1995.08.09 23:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1995.08.09 23:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\OPENDEU.DLL [1995.08.09 23:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL [1995.08.09 23:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1995.08.09 23:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1995.08.09 23:00:00 | 000,000,280 | ---- | C] () -- 
C:\Windows\TTEMBED.INI

========== LOP Check ==========

[2011.10.08 13:16:46 | 000,000,000 | -HSD | M] -- C:\Users\Nadia\AppData\Roaming\.#
[2010.03.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Acer
[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Acer GameZone Console
[2011.10.13 11:47:25 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Canon
[2011.11.09 11:40:22 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\DVDVideoSoft
[2011.11.09 11:39:57 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.29 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\EA
[2010.10.07 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\eSobi
[2011.01.11 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\GetRightToGo
[2011.06.24 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\gtk-2.0
[2010.05.31 09:53:28 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\iWin
[2011.03.25 19:07:29 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\KompoZer
[2011.03.25 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\MAGIX
[2010.06.02 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Nvu
[2011.04.24 12:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\PlayFirst
[2010.04.24 18:30:48 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Samsung
[2010.04.01 16:17:21 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Subversion
[2011.02.02 15:03:30 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\TS3Client
[2011.08.26 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\uTorrent
[2012.02.05 14:24:55 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 05.02.2012 14:42:56 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nadia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 79,76% Memory free
6,00 Gb Paging File | 5,61 Gb Available in Paging File | 93,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 186,23 Gb Free Space | 64,59% Space Free | Partition Type: NTFS

Computer Name: NADIA-PC | User Name: Nadia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1420DD45-3204-41C1-8F06-D5AB6C56F421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1903C0AD-8DCC-4BCA-AF7E-FBCF12AB29AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{19A5ADD5-7FB9-4839-B6E9-B2CF4BAA8006}" = rport=139 | protocol=6 | dir=out | app=system | "{1FBC2510-1FA0-4DB1-8034-919B515ED2FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2EB20170-FA28-499A-B8C0-9FDCA5AAACEA}" = rport=138 | protocol=17 | dir=out | app=system | "{4295C35A-3C8C-47EF-9FF9-DD7A08C8CD34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4400669A-2A49-45A5-818D-14C79F211D22}" = lport=445 | protocol=6 | dir=in | app=system | "{54613943-CE57-4630-BBFD-DB8B72834044}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7F67BBB7-A48E-4142-A4B7-9D3A2F98A9C8}" = lport=137 | protocol=17 | dir=in | app=system | "{9550ADD3-516A-43D9-A76A-107AEF8BA826}" = rport=137 | protocol=17 | dir=out | app=system | "{9B2BC4F0-246B-4271-8591-6DC10A836EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACD1746E-3C8D-41BC-AD1A-4DE7E9E44E54}" = lport=138 | protocol=17 | dir=in | app=system | "{B58B00E7-E9F9-4A2F-AD31-9EFBD6075752}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BC505EBB-0167-4C64-B97E-6ED4755BBC9D}" = 
rport=445 | protocol=6 | dir=out | app=system | "{D3E61A8B-9EE8-41D7-9167-691146E4C269}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E58D169E-63D1-4161-BE36-06ACB5EBBF73}" = lport=139 | protocol=6 | dir=in | app=system | "{E7CF315E-04E8-4218-98C0-E60D454B2EDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F4D513ED-D646-47B3-87EF-57D40F4BC053}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F7557EE8-2982-4243-A56E-561E12C0ACB1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FE8FF7E9-81A9-4CE5-9C43-DC22E2FF2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CC17F61-06B8-46F6-900F-30F8558261E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1213B9CB-AA9E-4520-AA8C-0410E4EB3401}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2751F58B-DA0B-4764-8A3B-FD5DB20B6095}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3366F917-B26D-4437-97BD-AEFC9AFCD013}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3FAD6E5C-C8B8-46B8-B817-E93EB4BBAD9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{4B4BF783-C45D-4A5B-9D0B-5D285CE93118}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5C435EB7-4F72-49EA-A961-C743C6DF4473}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7C97D2E8-F092-4056-9D0B-329D9A5D6181}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9BF5761E-DFC1-4C43-AB2F-FA4384A04DCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AE42203B-94F8-4A94-8AC4-A4F96A3F70B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{BC6C9AF2-585B-4EBC-9C7C-95524BD39E52}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{C2BDD57D-BD5B-41C4-9D77-ACFB9F596E5D}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{C63DE288-C1AA-43EA-9C18-FD1BCCEE5E31}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C7DF10A9-D3DD-4EE5-9A19-2C566755C7FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D6B1DEA8-4728-4C0D-B381-B6DD42F8C1DA}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{E283F950-5417-47B3-AD50-258B0B9E39E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6CD5753-17EB-4A65-A593-78CB3396E1B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF71D745-E655-4156-9955-A74FBFC2082B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "TCP Query User{29609449-18CA-4169-806C-CF9D9EB9E87B}C:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{2A096C90-455C-4BE0-B5CA-3E874DDD9091}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{38B984DC-7BDD-46AA-A95D-47FC54676B4D}C:\program files\java\jdk1.5.0_06\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.5.0_06\jre\bin\java.exe | "TCP Query User{3B65C89F-2295-4EEE-8194-61497252200C}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{5168824F-29A3-4205-9459-C7CC95BD998E}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | "UDP Query User{480DED7D-CA61-4192-8F79-5CC44E0912E6}C:\program 
files\java\jdk1.5.0_06\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.5.0_06\jre\bin\java.exe | "UDP Query User{5E3E8677-ECC0-4560-B652-B26D995615A3}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{72829114-373A-49C8-8868-E85AED0DB0C1}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{90C16C6E-E37C-41CB-9041-2A175A695C99}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | "UDP Query User{E32A028A-C1A6-4FCB-A48A-18CFD874FA6F}C:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0038A75F-1F5B-44FB-AA2F-6C6A4E068B1E}" = PC Draft P.E. 
Demo "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06DDB8E7-34B2-3BCE-3FE4-CB08D02786A6}" = CCC Help Chinese Standard "{0B076372-FBD5-0EE3-8BBC-9B783CD32738}" = CCC Help Spanish "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies "{0FC1D9E0-D9AC-CEDE-049A-C7EA22B79670}" = CCC Help Norwegian "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BF56E7E-5921-CDBE-3FB8-5123B35AA0E1}" = Skins "{1BFD05CA-4659-0FDB-2806-4D087901052B}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2052043E-700A-BCDF-48ED-C7E77568204F}" = ccc-utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21E30739-C840-5946-8C43-05AF23A110F9}" = CCC Help Korean "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{25D5EF0F-721F-B0D3-77DF-B6D9681630DE}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6 "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{3D27B9BF-142E-B7AA-EACB-7FC8B6EEBBAC}" = CCC Help Thai 
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3 "{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1 "{458B5643-6830-569F-4A18-7EAF31FCD4DE}" = CCC Help Finnish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5736CB-521F-1C43-A442-0C192ED85D4B}" = Catalyst Control Center Core Implementation "{4F482CDB-862E-FF9A-F86D-EC5612436A6A}" = Catalyst Control Center Localization All "{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58DAD6DD-10EF-B671-6DC2-0ED54DE38F4C}" = Catalyst Control Center Graphics Full New "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{711E643E-939E-19EB-43A1-AA5EE3BBB648}" = CCC Help Czech "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D587637-2D88-8E68-14C6-8D4F2031F35E}" = Catalyst Control Center Graphics Previews Vista "{7E517DC5-116C-757D-A4AE-D02F0BFA9257}" = CCC Help Danish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live 
Fotogalerie "{8E34E6E3-35E8-A5A1-EC08-1355C3094E23}" = Catalyst Control Center InstallProxy "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97FB4EFB-0FAE-1DC9-2C3F-FFA947A9CA18}" = CCC Help Japanese "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies "{A323DDB1-B841-83F6-C724-ABB7EC52002C}" = CCC Help Italian "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF208106-BB8E-5836-6008-9A83F66390B9}" = CCC Help Turkish "{B185DB30-AA74-ADF3-7B9A-B54575A440F8}" = CCC Help Russian "{B34E8F86-CD2A-BC3E-5219-51F024538E0D}" = CCC Help Greek "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{BA045F53-BAC9-7ABB-9B11-019448C01A84}" = ccc-core-static "{BDACCC61-38CA-CB8D-3492-D853DF44C143}" = CCC Help Dutch "{BDFA049D-0D5D-5D5E-7846-77596368D60B}" = CCC Help Polish "{BEB89F69-54E4-0838-CCE1-A2F43FC42A4C}" = CCC Help French "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support 
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C64DA060-0205-D503-BD0B-679B84DD49A7}" = Catalyst Control Center Graphics Light "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC1C0A5A-B9A9-24AF-D58C-FC8764E8C1FD}" = Catalyst Control Center Graphics Full Existing "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326 "{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3DCC04E-2DA1-4280-A9D3-F3BD395C397F}" = Meltho Version 1.20 "{D5F0443B-2EBB-B51A-D497-71F50E6E8D4A}" = CCC Help Hungarian "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DA86B571-BDB9-2FFA-554F-ECA0A79A67EB}" = CCC Help Swedish "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E352F306-9A7C-2373-7D3B-8D5BF6867B22}" = CCC Help German "{E44E27AA-17F4-9E7D-6132-816420AA9689}" = CCC Help English "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4154AF7-16F9-C6E3-FD79-D56BDB21A027}" = ATI Catalyst Install Manager "{F6A7F383-24AB-421A-0289-8EE9F812ACA3}" = PX Profile Update 
"{F81415D2-CEC9-4F96-9ABA-B2CC5382A930}" = SweetIM for Messenger 3.0 "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager "7-Zip" = 7-Zip 9.20 "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlueJ_is1" = BlueJ 2.1.2 "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CCleaner" = CCleaner "CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Nvu_is1" = Nvu 1.0 "OpenTTD" = OpenTTD 1.1.0-RC2 "PSPad editor_is1" = PSPad editor "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver 
Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShapeCollage" = Shape Collage "Speed Dial Utility" = Canon Kurzwahlprogramm "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "xampp" = XAMPP 1.7.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.01.2012 13:01:49 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:01:50 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:01:50 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:01:50 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:01:50 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:04:46 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:04:46 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:04:46 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:04:46 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 30.01.2012 13:04:46 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 05.02.2012 09:24:51 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.02.2012 09:25:58 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2012 09:26:06 | 
Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2012 09:26:07 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2012 09:26:10 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2012 09:26:11 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2012 09:26:24 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7001 Description = Error - 05.02.2012 09:26:24 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 05.02.2012 09:27:56 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7001 Description = Error - 05.02.2012 09:29:38 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = < End of report > Regards |
06.02.2012, 16:26 | #4 | |
/// Helper Team | Windows Security Center: Warning - PC locked! Quote:
Uninstall software with Revo Uninstaller. Download the freeware version of Revo Uninstaller from Revo Group
Restart the computer. 2. Run another scan with OTL:
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
06.02.2012, 17:03 | #5 |
| Windows Security Center: Warning - PC locked! OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.02.2012 16:56:46 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nadia\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,90 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 81,95% Memory free 6,01 Gb Paging File | 5,66 Gb Available in Paging File | 94,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,32 Gb Total Space | 186,08 Gb Free Space | 64,54% Space Free | Partition Type: NTFS Computer Name: NADIA-PC | User Name: Nadia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.02 16:45:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.03.30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service) SRV - [2011.06.30 16:01:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - 
[2011.05.25 08:43:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 16:01:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 16:01:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- 
C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.22 03:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.01 20:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C) DRV - [2009.03.19 08:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009.03.19 06:33:14 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.03.19 06:18:28 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009.02.21 03:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.09.25 16:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.01.21 03:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008.01.21 03:23:27 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.07 21:39:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012.02.02 20:31:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 14:17:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 19:39:12 | 000,000,000 | ---D | M] [2010.03.29 20:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Extensions [2012.02.05 12:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions [2011.02.28 14:57:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.09 07:26:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\bkz9qik5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.01.11 14:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.09 11:22:07 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: facemoods (Enabled) CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common 
Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O8 - Extra context menu item: Free YouTube Download - C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FAFB6D-C08D-4BF5-AC21-787996885DD4}: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5707BFAB-1C22-48D6-B5B8-E0846774E567}: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft 
shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.06 16:57:34 | 000,000,000 | ---D | C] -- 
C:\Users\Nadia\Desktop\txt.dateien_2 [2012.02.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012.02.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012.02.05 14:43:25 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\txt.dateien [2012.02.05 14:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.02.05 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.05 14:01:38 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.02.05 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Malwarebytes [2012.02.05 13:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.05 13:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.05 13:06:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.05 13:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.05 12:56:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012.02.02 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2012.02.02 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler [2012.02.02 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Local\Norman Malware Cleaner [2012.02.02 16:45:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe [2012.01.30 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Documents\AnyDVDHD [2012.01.30 18:51:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012.01.30 18:51:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2012.01.30 18:51:49 | 001,868,128 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2012.01.30 18:51:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2012.01.30 18:51:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2012.01.30 18:51:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2012.01.30 18:50:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012.01.30 18:49:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2012.01.30 18:49:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2012.01.30 18:48:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2012.01.30 18:39:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2012.01.30 18:39:13 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2012.01.30 17:57:30 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp [2012.01.30 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2012.01.30 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\Neuer Ordner (2) [2012.01.30 16:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2012.01.30 16:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2012.01.30 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Documents\DVDFab Passkey [2012.01.30 15:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab [2012.01.19 19:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.01.19 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.01.19 19:02:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.01.12 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Nadia\Desktop\Neuer Ordner [2009.05.22 16:58:35 | 000,049,152 | ---- | C] ( ) -- 
C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2012.02.06 16:58:03 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.06 16:58:03 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.06 16:58:03 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.06 16:58:03 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.06 16:53:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.06 16:45:54 | 000,001,061 | ---- | M] () -- C:\Users\Nadia\Desktop\Revo Uninstaller.lnk [2012.02.05 20:56:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 20:56:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.05 20:56:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.05 14:39:05 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.05 14:18:06 | 000,002,032 | ---- | M] () -- C:\Users\Nadia\AppData\Local\d3d9caps.dat [2012.02.05 13:06:36 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.02 23:03:55 | 000,464,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.02 16:45:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadia\Desktop\OTL.exe [2012.02.02 12:01:20 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.01.30 21:50:04 | 000,049,152 | ---- | M] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.15 22:48:48 | 000,283,205 | ---- | M] () -- C:\Users\Nadia\Desktop\Web-Weiterbildung.pdf [2012.01.11 17:35:25 | 000,035,220 | ---- | M] () -- C:\Users\Nadia\Desktop\de.his.servlet.RequestDispatcherServlet.htm ========== Files Created - No Company Name ========== [2012.02.06 16:45:54 | 
000,001,061 | ---- | C] () -- C:\Users\Nadia\Desktop\Revo Uninstaller.lnk [2012.02.05 14:39:05 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.05 13:06:36 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.30 16:24:25 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.15 22:48:48 | 000,283,205 | ---- | C] () -- C:\Users\Nadia\Desktop\Web-Weiterbildung.pdf [2012.01.11 17:35:18 | 000,035,220 | ---- | C] () -- C:\Users\Nadia\Desktop\de.his.servlet.RequestDispatcherServlet.htm [2012.01.11 14:17:01 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.07.14 22:43:23 | 000,000,000 | ---- | C] () -- C:\Users\Nadia\AppData\Local\{02E6A710-921C-4DAE-BB0A-72BAAAA33C11} [2011.07.04 18:02:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.12 22:33:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.12.11 22:36:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.15 12:23:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.13 09:58:53 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI [2010.10.13 09:58:46 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini [2010.10.13 09:58:46 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini [2010.10.13 09:58:27 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI [2010.10.13 09:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI [2010.10.13 09:56:46 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.04.30 17:38:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.04.30 17:38:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.04.30 16:37:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2010.04.30 16:30:29 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2010.04.24 09:58:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt 
[2010.04.24 09:46:22 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.08 21:41:19 | 000,002,032 | ---- | C] () -- C:\Users\Nadia\AppData\Local\d3d9caps.dat [2010.03.29 20:37:52 | 000,049,152 | ---- | C] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.22 16:55:41 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.05.22 16:55:41 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.05.22 16:55:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.05.22 16:55:41 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.05.22 16:55:41 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.05.22 16:55:41 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.05.22 16:55:40 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.05.22 07:33:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.05.22 07:13:09 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2009.05.22 07:11:57 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.05.22 07:11:57 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.05.22 07:11:57 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.05.22 07:11:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.05.22 07:11:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.05.22 07:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.04.09 03:33:45 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.04.09 03:33:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.04.09 03:33:45 | 
000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.04.09 03:33:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.04.08 17:59:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.04.08 17:59:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.01 01:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.04.01 01:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.04.01 01:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.04.01 01:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,464,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 19:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [1995.08.09 23:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1995.08.09 23:00:00 | 000,052,736 | ---- | C] () -- 
C:\Windows\System32\OPENDEU.DLL [1995.08.09 23:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL [1995.08.09 23:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1995.08.09 23:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1995.08.09 23:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI ========== LOP Check ========== [2011.10.08 13:16:46 | 000,000,000 | -HSD | M] -- C:\Users\Nadia\AppData\Roaming\.# [2010.03.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Acer [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Acer GameZone Console [2011.10.13 11:47:25 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Canon [2011.11.09 11:40:22 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\DVDVideoSoft [2011.11.09 11:39:57 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.29 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\EA [2010.10.07 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\eSobi [2011.01.11 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\GetRightToGo [2011.06.24 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\gtk-2.0 [2010.05.31 09:53:28 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\iWin [2011.03.25 19:07:29 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\KompoZer [2011.03.25 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\MAGIX [2010.06.02 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Nvu [2011.04.24 12:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\PlayFirst [2010.04.24 18:30:48 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Samsung [2010.04.01 16:17:21 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Subversion [2011.02.02 15:03:30 | 000,000,000 | ---D | M] -- 
C:\Users\Nadia\AppData\Roaming\TS3Client
[2011.08.26 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\uTorrent
[2012.02.05 20:56:46 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 06.02.2012 16:56:46 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nadia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 81,95% Memory free
6,01 Gb Paging File | 5,66 Gb Available in Paging File | 94,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 186,08 Gb Free Space | 64,54% Space Free | Partition Type: NTFS

Computer Name: NADIA-PC | User Name: Nadia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1420DD45-3204-41C1-8F06-D5AB6C56F421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1903C0AD-8DCC-4BCA-AF7E-FBCF12AB29AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{19A5ADD5-7FB9-4839-B6E9-B2CF4BAA8006}" = rport=139 | protocol=6 | dir=out | app=system | "{1FBC2510-1FA0-4DB1-8034-919B515ED2FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2EB20170-FA28-499A-B8C0-9FDCA5AAACEA}" = rport=138 | protocol=17 | dir=out | app=system | "{4295C35A-3C8C-47EF-9FF9-DD7A08C8CD34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4400669A-2A49-45A5-818D-14C79F211D22}" = lport=445 | protocol=6 | dir=in | app=system | "{54613943-CE57-4630-BBFD-DB8B72834044}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7F67BBB7-A48E-4142-A4B7-9D3A2F98A9C8}" = lport=137 | protocol=17 | dir=in | app=system | "{9550ADD3-516A-43D9-A76A-107AEF8BA826}" = rport=137 | protocol=17 | dir=out | app=system | "{9B2BC4F0-246B-4271-8591-6DC10A836EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACD1746E-3C8D-41BC-AD1A-4DE7E9E44E54}" = lport=138 | protocol=17 | dir=in | app=system | "{B58B00E7-E9F9-4A2F-AD31-9EFBD6075752}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BC505EBB-0167-4C64-B97E-6ED4755BBC9D}" = 
rport=445 | protocol=6 | dir=out | app=system | "{D3E61A8B-9EE8-41D7-9167-691146E4C269}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E58D169E-63D1-4161-BE36-06ACB5EBBF73}" = lport=139 | protocol=6 | dir=in | app=system | "{E7CF315E-04E8-4218-98C0-E60D454B2EDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F4D513ED-D646-47B3-87EF-57D40F4BC053}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F7557EE8-2982-4243-A56E-561E12C0ACB1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FE8FF7E9-81A9-4CE5-9C43-DC22E2FF2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CC17F61-06B8-46F6-900F-30F8558261E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1213B9CB-AA9E-4520-AA8C-0410E4EB3401}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2751F58B-DA0B-4764-8A3B-FD5DB20B6095}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3366F917-B26D-4437-97BD-AEFC9AFCD013}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3FAD6E5C-C8B8-46B8-B817-E93EB4BBAD9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{4B4BF783-C45D-4A5B-9D0B-5D285CE93118}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5C435EB7-4F72-49EA-A961-C743C6DF4473}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7C97D2E8-F092-4056-9D0B-329D9A5D6181}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9BF5761E-DFC1-4C43-AB2F-FA4384A04DCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AE42203B-94F8-4A94-8AC4-A4F96A3F70B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{BC6C9AF2-585B-4EBC-9C7C-95524BD39E52}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{C2BDD57D-BD5B-41C4-9D77-ACFB9F596E5D}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{C63DE288-C1AA-43EA-9C18-FD1BCCEE5E31}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C7DF10A9-D3DD-4EE5-9A19-2C566755C7FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D6B1DEA8-4728-4C0D-B381-B6DD42F8C1DA}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{E283F950-5417-47B3-AD50-258B0B9E39E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6CD5753-17EB-4A65-A593-78CB3396E1B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF71D745-E655-4156-9955-A74FBFC2082B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "TCP Query User{29609449-18CA-4169-806C-CF9D9EB9E87B}C:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{2A096C90-455C-4BE0-B5CA-3E874DDD9091}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{38B984DC-7BDD-46AA-A95D-47FC54676B4D}C:\program files\java\jdk1.5.0_06\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.5.0_06\jre\bin\java.exe | "TCP Query User{3B65C89F-2295-4EEE-8194-61497252200C}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{5168824F-29A3-4205-9459-C7CC95BD998E}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | "UDP Query User{480DED7D-CA61-4192-8F79-5CC44E0912E6}C:\program 
files\java\jdk1.5.0_06\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.5.0_06\jre\bin\java.exe | "UDP Query User{5E3E8677-ECC0-4560-B652-B26D995615A3}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{72829114-373A-49C8-8868-E85AED0DB0C1}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{90C16C6E-E37C-41CB-9041-2A175A695C99}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | "UDP Query User{E32A028A-C1A6-4FCB-A48A-18CFD874FA6F}C:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\nadia\desktop\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0038A75F-1F5B-44FB-AA2F-6C6A4E068B1E}" = PC Draft P.E. 
Demo "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06DDB8E7-34B2-3BCE-3FE4-CB08D02786A6}" = CCC Help Chinese Standard "{0B076372-FBD5-0EE3-8BBC-9B783CD32738}" = CCC Help Spanish "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies "{0FC1D9E0-D9AC-CEDE-049A-C7EA22B79670}" = CCC Help Norwegian "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BF56E7E-5921-CDBE-3FB8-5123B35AA0E1}" = Skins "{1BFD05CA-4659-0FDB-2806-4D087901052B}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2052043E-700A-BCDF-48ED-C7E77568204F}" = ccc-utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21E30739-C840-5946-8C43-05AF23A110F9}" = CCC Help Korean "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{25D5EF0F-721F-B0D3-77DF-B6D9681630DE}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6 "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{3D27B9BF-142E-B7AA-EACB-7FC8B6EEBBAC}" = CCC Help Thai 
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3 "{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1 "{458B5643-6830-569F-4A18-7EAF31FCD4DE}" = CCC Help Finnish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5736CB-521F-1C43-A442-0C192ED85D4B}" = Catalyst Control Center Core Implementation "{4F482CDB-862E-FF9A-F86D-EC5612436A6A}" = Catalyst Control Center Localization All "{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58DAD6DD-10EF-B671-6DC2-0ED54DE38F4C}" = Catalyst Control Center Graphics Full New "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{711E643E-939E-19EB-43A1-AA5EE3BBB648}" = CCC Help Czech "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D587637-2D88-8E68-14C6-8D4F2031F35E}" = Catalyst Control Center Graphics Previews Vista "{7E517DC5-116C-757D-A4AE-D02F0BFA9257}" = CCC Help Danish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live 
Fotogalerie "{8E34E6E3-35E8-A5A1-EC08-1355C3094E23}" = Catalyst Control Center InstallProxy "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97FB4EFB-0FAE-1DC9-2C3F-FFA947A9CA18}" = CCC Help Japanese "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies "{A323DDB1-B841-83F6-C724-ABB7EC52002C}" = CCC Help Italian "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF208106-BB8E-5836-6008-9A83F66390B9}" = CCC Help Turkish "{B185DB30-AA74-ADF3-7B9A-B54575A440F8}" = CCC Help Russian "{B34E8F86-CD2A-BC3E-5219-51F024538E0D}" = CCC Help Greek "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{BA045F53-BAC9-7ABB-9B11-019448C01A84}" = ccc-core-static "{BDACCC61-38CA-CB8D-3492-D853DF44C143}" = CCC Help Dutch "{BDFA049D-0D5D-5D5E-7846-77596368D60B}" = CCC Help Polish "{BEB89F69-54E4-0838-CCE1-A2F43FC42A4C}" = CCC Help French "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support 
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C64DA060-0205-D503-BD0B-679B84DD49A7}" = Catalyst Control Center Graphics Light "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC1C0A5A-B9A9-24AF-D58C-FC8764E8C1FD}" = Catalyst Control Center Graphics Full Existing "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326 "{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3DCC04E-2DA1-4280-A9D3-F3BD395C397F}" = Meltho Version 1.20 "{D5F0443B-2EBB-B51A-D497-71F50E6E8D4A}" = CCC Help Hungarian "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DA86B571-BDB9-2FFA-554F-ECA0A79A67EB}" = CCC Help Swedish "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E352F306-9A7C-2373-7D3B-8D5BF6867B22}" = CCC Help German "{E44E27AA-17F4-9E7D-6132-816420AA9689}" = CCC Help English "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4154AF7-16F9-C6E3-FD79-D56BDB21A027}" = ATI Catalyst Install Manager "{F6A7F383-24AB-421A-0289-8EE9F812ACA3}" = PX Profile Update 
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager "7-Zip" = 7-Zip 9.20 "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlueJ_is1" = BlueJ 2.1.2 "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CCleaner" = CCleaner "CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Nvu_is1" = Nvu 1.0 "OpenTTD" = OpenTTD 1.1.0-RC2 "PSPad editor_is1" = PSPad editor "Revo Uninstaller" = Revo Uninstaller 1.93 "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile 
USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShapeCollage" = Shape Collage "Speed Dial Utility" = Canon Kurzwahlprogramm "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "xampp" = XAMPP 1.7.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.01.2012 10:33:56 | Computer Name = Nadia-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.01.2012 10:33:57 | Computer Name = Nadia-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 01.02.2012 05:21:56 | Computer Name = Nadia-PC | Source = WinMgmt | ID = 10 Description = Error - 01.02.2012 17:55:34 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:34 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:34 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:34 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:35 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:35 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.02.2012 17:55:35 | Computer Name = Nadia-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 06.02.2012 11:43:37 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.02.2012 11:48:30 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:53:47 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:53:54 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:53:55 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:53:58 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:53:59 | Computer Name = Nadia-PC | Source = DCOM | ID = 10005 Description = Error - 06.02.2012 11:54:11 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.02.2012 11:54:11 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 06.02.2012 11:55:44 | Computer Name = Nadia-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
06.02.2012, 18:01 | #6 | |
/// Helper Team | Windows Security Center: Warning - PC locked! 1. Quote:
Code:
ATTFilter :OTL [2011.04.09 11:22:07 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found [2012.02.02 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2012.02.02 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler [2012.02.05 20:56:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.26 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\uTorrent :Commands [purity] [emptytemp]
2. Your Java version is out of date! Because old security vulnerabilities make Java very susceptible, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 30 from Oracle. Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!
3. Update Adobe Reader: - Pay attention and read along during installation: if any software, toolbar, etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..."
4. Clean your system with CCleaner:
5.
6. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the help of the free online scanner is very well suited and recommended for this. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running) - You can also disable the AUTORUN function entirely. ►Instructions
7. -> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ --> Windows Security Center: Warning - PC locked! |
06.02.2012, 18:29 | #7 |
| Windows Security Center: Warning - PC locked! When installing the new Java version, the following error message appears: "The "Windows Installer" service cannot be accessed in safe mode. Repeat the operation when the computer is not in safe mode, or use System Restore to return the computer to a reliable state." When updating Adobe Reader, the following error message appears: An error occurred during the installation process. Choose... - Cancel the current update and continue installing the remaining updates - Quit the installation and continue later |
06.02.2012, 19:18 | #8 |
| Windows Security Center: Warning - PC locked! The Java installation and the Adobe Reader update have now worked. I will now work through the next steps and then post the result here. |
07.02.2012, 00:15 | #9 |
| Windows Security Center: Warning - PC locked! Fixing with OTL Code:
ATTFilter All processes killed ========== OTL ========== C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully. Unable to fix default_search_provider items. File C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar folder moved successfully. C:\Program Files\Crawler\Toolbar\Update folder moved successfully. C:\Program Files\Crawler\Toolbar\TBR5LanguageAct folder moved successfully. C:\Program Files\Crawler\Toolbar\STWSGLanguageAct folder moved successfully. C:\Program Files\Crawler\Toolbar\Languages folder moved successfully. C:\Program Files\Crawler\Toolbar\firefox\components\WSG_Gecko folder moved successfully. C:\Program Files\Crawler\Toolbar\firefox\components folder moved successfully. C:\Program Files\Crawler\Toolbar\firefox\chrome folder moved successfully. C:\Program Files\Crawler\Toolbar\firefox folder moved successfully. C:\Program Files\Crawler\Toolbar folder moved successfully. C:\Program Files\Crawler\Download folder moved successfully. C:\Program Files\Crawler folder moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Users\Nadia\AppData\Roaming\uTorrent\ie folder moved successfully. C:\Users\Nadia\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\Nadia\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\Nadia\AppData\Roaming\uTorrent folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nadia ->Temp folder emptied: 212056 bytes ->Temporary Internet Files folder emptied: 33271 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 66049532 bytes ->Google Chrome cache emptied: 6827605 bytes ->Flash cache emptied: 615 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 4423666 bytes Total Files Cleaned = 74,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 02062012_180644 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
SuperAntiSpyware - Logs: I ran the scan twice, because the first time I accidentally ran only a QuickScan. It found 2 infected files. The second time I then ran the "complete scan". QuickScan Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 02/06/2012 at 07:54 PM Application Version : 5.0.1144 Core Rules Database Version : 8205 Trace Rules Database Version: 6017 Scan type : Quick Scan Total Scan Time : 00:11:56 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001) UAC On - Administrator Memory items scanned : 858 Memory threats detected : 0 Registry items scanned : 27148 Registry threats detected : 0 File items scanned : 7378 File threats detected : 2 Adware.Tracking Cookie .doubleclick.net [ C:\USERS\NADIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BKZ9QIK5.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\NADIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BKZ9QIK5.DEFAULT\COOKIES.SQLITE ] Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 02/06/2012 bei 09:12 PM Version der Applikation : 5.0.1144 Version der Kern-Datenbank : 8205 Version der Spur-Datenbank : 6017 Scan Art : kompletter Scann Totale Scann-Zeit : 01:16:29 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001) UAC On - Administrator Gescannte Speicherelemente : 874 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 34496 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 41458 Erfasste Datei-Elemente : 0
Complete system check Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=10546c1c5cf3ad488b2c60428ad54610 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-06 10:47:24 # local_time=2012-02-06 11:47:24 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 7800 65101340 5596 0 # compatibility_mode=5892 16776573 100 100 11691 166093612 0 0 # compatibility_mode=8192 67108863 100 0 3760 3760 0 0 # scanned=169067 # found=0 # cleaned=0 # scan_time=7560
Current state of the computer: I can now log in in normal mode again without the PC being locked. The last 2 scans I ran found no infected files. So far the computer is running completely normally again. |
07.02.2012, 08:09 | #10 | ||
/// Helper Team | Windows Security Center: Warning - PC locked! 1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
ATTFilter CCleaner
2. Tool cleanup with OTL: We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
3. If everything went well and your system is running stably, do the following: delete all system restore points, including the last one
4. As a precaution, I would advise you to change your password (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months) also here under: Secure password
5. Quote:
** Common sense and securely configuring Windows and Internet software are the best way to security in web traffic!! Quote:
► Over time, a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → Donation account. Regards, kira
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
08.02.2012, 12:03 | #11 |
| Windows Security Center: Warning - PC locked! Thank you very, very much for your help, Kira. It finally works again. This really is a great forum! |