Pests of all kinds and how to combat them: Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator (Windows 7)
25.04.2012, 19:06 | #1 |
Hello dear Trojaner-Board team, after my girlfriend downloaded PDFCreator from chip.de (www.chip.de/downloads/PDFCreator_13009777.html), Avira raised the following alert during installation: Code:
22.04.2012 21:56 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Users\Nele\AppData\Local\Temp\is-2T3LV.tmp\InstallManager.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner
22.04.2012 21:56 [Echtzeit Scanner] Malware gefunden In der Datei 'C:\Users\Nele\AppData\Local\Temp\is-2T3LV.tmp\InstallManager.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern
Now I wanted to ask whether the laptop is safe now. Following the instructions for creating posts, I then also ran Defogger, then DDS, and afterwards GMER in safe mode (I also ran MBAM again in safe mode right away). DDS: Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Nele at 9:28:34 on 2012-04-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2935.1898 [GMT 2:00] . AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch 
Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\DllHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 uDefault_Page_URL = hxxp://www.aldi.com uInternet Settings,ProxyServer = bibliothek.fh-fresenius.de:8080 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3 mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe" mRun: [LMgrVolOSD] "c:\program files\launch manager\OSD.exe" mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe" mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe" mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\users\nele\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - 
c:\users\nele\appdata\roaming\dropbox\bin\Dropbox.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab TCP: DhcpNameServer = 62.109.123.196 213.191.74.18 192.168.0.1 TCP: Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937} : DhcpNameServer = 62.109.123.196 213.191.74.18 192.168.0.1 TCP: Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}\6427563756E69657374427164786C6F637 : DhcpNameServer = 192.168.172.1 TCP: Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}\E4544574541425 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661} : DhcpNameServer = 192.168.1.1 Filter: text/xml - 
{807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\nele\appdata\roaming\mozilla\firefox\profiles\h7wflwku.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.ftp - 217.17.29.34 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 217.17.29.34 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 217.17.29.34 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 217.17.29.34 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 217.17.29.34 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: c:\users\nele\appdata\roaming\mozilla\firefox\profiles\h7wflwku.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\nele\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\nele\appdata\roaming\mozilla\firefox\profiles\h7wflwku.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll FF - plugin: c:\users\nele\appdata\roaming\mozilla\firefox\profiles\h7wflwku.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll FF - plugin: 
c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-16 36000] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-16 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-16 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-16 74640] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-2-3 1155072] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-4-22 13336] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-4-22 2320920] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-22 132352] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-22 232960] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-4-14 67624] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2010-4-22 118560] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2010-4-22 13720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] S3 NxpCap;CTX capture service;c:\windows\system32\drivers\NxpCap.sys [2010-4-14 1558368] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792] S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144] S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-4-22 191008] S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2011-10-23 1521544] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-7 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-9 1343400] . =============== Created Last 30 ================ . 
2012-04-25 07:20:34 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff8ea98c-d19f-485e-92c7-70312f209f90}\mpengine.dll 2012-04-22 21:05:25 -------- d-----w- c:\users\nele\appdata\roaming\Malwarebytes 2012-04-22 21:05:17 -------- d-----w- c:\programdata\Malwarebytes 2012-04-22 21:05:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-22 21:05:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-11 10:12:50 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 10:12:50 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 10:12:50 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 10:12:50 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 10:11:24 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 10:11:24 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll 2012-03-31 13:08:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-28 18:28:44 -------- d-----w- c:\users\nele\appdata\roaming\ProtectDisc 2012-03-28 18:27:47 -------- d-----w- c:\users\nele\appdata\local\Apps 2012-03-28 18:27:46 -------- d-----w- c:\users\nele\appdata\local\Deployment . ==================== Find3M ==================== . 
2012-04-15 06:50:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-14 10:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 9:29:22,39 ===============
Thank you very much in advance for the help.
26.04.2012, 07:49 | #2 | ||
/// Helper team
Hello and a warm welcome!
Before we begin working together, [please read completely]: Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware from → malwarebytes.org
2. System scan with OTL: Please download OTL by Oldtimer and save it to your desktop
3. To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards, kira
26.04.2012, 23:10 | #3 |
Okay. I have worked through the list. Here are the results.
MBAM: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.26.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nele :: SCHACK_JR [Administrator]
26.04.2012 21:47:23
mbam-log-2012-04-26 (21-47-23).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381130
Laufzeit: 1 Stunde(n), 30 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter OTL logfile created on: 26.04.2012 23:37:29 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Nele\Desktop\Anti Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 55,95% Memory free 5,73 Gb Paging File | 4,33 Gb Available in Paging File | 75,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 23,17 Gb Free Space | 8,68% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 19,06 Gb Free Space | 63,53% Space Free | Partition Type: NTFS Computer Name: SCHACK_JR | User Name: Nele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nele\Desktop\Anti\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) 
DRV - (PIXMCV) -- C:\Windows\System32\drivers\pixmcvc.sys (Pixela) DRV - (PIXMCVV) -- C:\Windows\System32\drivers\pixmcvv.sys (Pixela) DRV - (PIXMCVA) -- C:\Windows\System32\drivers\pixmcva.sys (Pixela) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AF56D317-6C7A-420E-8EE7-36E7B0760420}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bibliothek.fh-fresenius.de:8080 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "CHIP Online Suche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF 
- prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3 FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:1.0.0 FF - prefs.js..extensions.enabledItems: simpletimer@grbradt.org:1.10 FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.6 FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1 FF - prefs.js..extensions.enabledItems: zoteroscholarcitations@beloglazov.info:1.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..network.proxy.backup.ftp: "217.17.29.34" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "217.17.29.34" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "217.17.29.34" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "217.17.29.34" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "217.17.29.34" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "217.17.29.34" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "217.17.29.34" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "217.17.29.34" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "217.17.29.34" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nele\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.01.19 21:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 09:51:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 20:48:09 | 000,000,000 | ---D | M] [2010.08.13 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Extensions [2010.08.13 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.26 23:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions [2012.03.30 09:58:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.18 19:07:45 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\2020Player@2020Technologies.com [2011.09.17 10:34:42 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\2020Player_IKEA@2020Technologies.com [2012.03.18 13:22:33 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\foxyproxy@eric.h.jung [2012.02.17 19:55:12 | 000,000,000 | ---D | M] (Zotero) -- 
C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\zotero@chnm.gmu.edu [2012.03.18 13:22:35 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\zoteroWinWordIntegration@zotero.org [2011.11.02 23:10:10 | 000,002,122 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\chip-online-suche.xml [2010.06.22 17:49:41 | 000,001,504 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\imdb.xml [2010.09.06 16:39:25 | 000,002,661 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\opensubtitles.xml [2010.06.25 21:26:17 | 000,000,961 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\shareminercom.xml [2011.09.05 00:04:42 | 000,002,006 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\urban-dictionary.xml [2010.07.26 00:08:39 | 000,001,330 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wikipedia-en.xml [2011.02.10 17:26:16 | 000,002,446 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wiktionary-de.xml [2010.06.22 17:49:20 | 000,004,140 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\youtube.xml [2011.10.16 11:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}.XPI () (No name found) -- 
C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\SIMPLETIMER@GRBRADT.ORG.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\ZOTEROSCHOLARCITATIONS@BELOGLAZOV.INFO.XPI [2012.03.20 09:51:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.07 15:15:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.07 15:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.07 15:15:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.07 15:15:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.07 15:15:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.07 15:15:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Citavi Picker... 
- file://C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html File not found O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - 
Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\Shell - "" = AutoRun
O33 - MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\Shell\AutoRun\command - "" = F:\RUNME.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.25 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\Anti
[2012.04.23 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\Berichte
[2012.04.22 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Malwarebytes
[2012.04.22 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.22 23:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.22 23:05:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) --
C:\Windows\System32\drivers\mbam.sys
[2012.04.22 23:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.22 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\2012-04-22 PDSS
[2012.04.22 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\2012-04-19 titel
[2012.04.11 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 12:16:47 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.11 12:16:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 12:16:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 12:16:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 12:11:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 12:11:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.31 15:08:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.03.28 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\ProtectDisc
[2012.03.28 20:28:31 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Patholinguistische Diagnostik
[2012.03.28 20:27:47 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Local\Apps
[2012.03.28 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Local\Deployment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.26 23:34:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 23:34:03 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.26 23:28:00 | 000,000,884 | ---- | M] () --
C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.26 21:50:26 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 21:50:26 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 21:46:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.26 21:46:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.26 21:46:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.26 21:46:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.25 09:27:23 | 000,000,000 | ---- | M] () -- C:\Users\Nele\defogger_reenable
[2012.04.22 23:05:18 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 12:23:24 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001D5A.LCS
[2012.04.15 17:17:47 | 000,360,835 | ---- | M] () -- C:\Users\Nele\Desktop\mottiertest.pdf
[2012.04.15 08:50:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.15 08:50:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.29 07:59:57 | 000,421,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.28 20:28:32 | 000,000,332 | ---- | M] () -- C:\Users\Nele\Desktop\Patholinguistische Diagnostik bei Sprachentwicklungsstörungen.appref-ms
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.25 09:27:23 | 000,000,000 | ---- | C] () -- C:\Users\Nele\defogger_reenable
[2012.04.22 23:05:18 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 17:17:47 | 000,360,835 | ----
| C] () -- C:\Users\Nele\Desktop\mottiertest.pdf
[2012.03.31 15:08:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.28 20:28:46 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001D5A.LCS
[2012.03.28 20:28:32 | 000,000,332 | ---- | C] () -- C:\Users\Nele\Desktop\Patholinguistische Diagnostik bei Sprachentwicklungsstörungen.appref-ms
[2011.10.23 12:06:02 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2011.10.23 09:59:43 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011.10.23 09:59:43 | 000,025,608 | ---- | C] () -- C:\Windows\System32\drivers\StkCSam.sys
[2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.24 23:37:33 | 000,014,848 | ---- | C] () -- C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 15:36:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.22 22:57:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.06.22 22:02:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.22 18:00:25 | 000,000,000 | ---- | C] () -- C:\Users\Nele\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:548232DE

< End of report >

Code:
OTL Extras logfile created on: 26.04.2012 23:37:29 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Nele\Desktop\Anti
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 55,95% Memory free
5,73 Gb Paging File | 4,33 Gb Available in Paging File | 75,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 23,17 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 19,06 Gb Free Space | 63,53% Space Free | Partition Type: NTFS

Computer Name: SCHACK_JR | User Name: Nele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized
Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07A7BB90-94EB-42A0-BB3D-CC707FF873E4}" = lport=445 | protocol=6 | dir=in | app=system | "{0C9A92EF-9EDB-4675-A281-F3E915C360B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1AA29434-8FA7-4408-8672-1827EDC28E13}" = rport=445 | protocol=6 | dir=out | app=system | "{1CC6F20D-5377-4207-97F6-D63B35D06438}" = lport=139 | protocol=6 | dir=in | app=system | "{219FBBC2-33E2-4501-BAB3-87E8BAF35D45}" = lport=2869 | protocol=6 | dir=in | app=system | "{2F1CF472-75D0-4210-B074-AE153D79715C}" = rport=10243 | protocol=6 | dir=out | app=system | "{345DD22E-8646-4E2B-9FCE-427854C0D01A}" = lport=138 | protocol=17 | dir=in | app=system | "{34759FA1-AD15-4E1B-83F6-16EC415F224B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{431CF4BD-F4C3-40A1-94BF-78DA587081BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5E0AF8C6-A76B-4297-B668-F384BA7207A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{739BAB64-811D-4F4D-9ED5-895BA6F27B1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7663145F-2C57-403B-99BE-DECB82362E67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{879ED60B-3953-4309-A0D3-3D86196D6955}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A92827B-4B40-4DE1-A200-BECC3ADB6BD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{92922AD5-22C3-45FE-A8FA-040E1C48A942}" = rport=138 | protocol=17 | dir=out | app=system | "{970BE2D1-9EA6-434C-9224-09920AA85634}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A725CCE6-46F4-41A3-9C69-FB42BEBE6918}" = lport=10243 | protocol=6 | dir=in | app=system | "{A8FB3D88-7572-4F18-9549-7DDD2EC7F754}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF78D111-8032-4E0B-B56D-BB38943162EC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5266201-B30D-46F7-B96A-164C9DED1220}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD1F6E10-A3DF-4F05-B1C6-0EF69A873AD0}" = rport=139 | protocol=6 | dir=out | app=system | "{DD38B9BD-9242-488E-A75A-CBB888B96242}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0C04847-E84A-45E2-AD10-D93BB397D099}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED7B1FE2-E61E-485D-8DE1-609D7D34C62C}" = rport=137 | protocol=17 | dir=out | app=system | "{F7106C57-FDA8-4B42-AE1B-550FAFB9688E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B2D6B4F-8F0E-4F50-8D9A-A7FD87A65C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0C38E39E-ECA9-4F28-9AD1-97045861C70D}" = protocol=6 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "{109B609F-9AE6-4399-8C97-630373DD4A24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2729903B-259D-4346-B529-D50EA035BB55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{37BD6AB5-379F-40E3-AC88-7370E963219E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{537720AB-4BCE-4D65-BE6B-325B1437FE53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{59810A99-3D23-49F3-B195-FE296DA752B1}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{746E68DE-6CF9-40EE-AFC3-A4E45D186C95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{82D0373E-C4B6-4FFB-A749-AD9F683E2908}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8382F56D-7574-4DF6-A228-4E6C5044775E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8434744C-7D9A-407C-8147-C51771463519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{890744D9-1879-4741-A24B-F451B3071B3D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{8F4A467A-D5BE-49F8-A043-C23DB585B6C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{97E3249B-9623-43AA-9E56-C913513A2893}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B44E7248-3EE4-43EC-AAC3-02D63E33130E}" = protocol=6 | dir=out | app=system | "{C508FB88-4D11-473B-AE6D-70C5C70AD6BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C8CD224F-2AC5-40EB-94D8-A22A13133E51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CA02B5E2-88BF-4B51-B3D3-F7C470CFEE6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DDD8E63F-BFE0-4C5D-A009-99200CE6C738}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E195C058-8906-47F3-A7AA-6748599C6BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5F8F8BC-C36F-4D7F-8072-350C05699281}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E8A78A7B-F160-461D-BC88-75CB3236A1EB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{E929EB44-B9E6-416B-87D7-B7EDF10257C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E965A0BE-FD11-41EB-8DD9-EB0A94A55E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE70A816-A8F5-4544-AFB1-F060E5942E17}" = protocol=17 | 
dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "{F50687E8-33E2-46EB-9885-01261215ED86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{1938DDC7-D450-4625-811D-CC1A030BDEF9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{343166C6-C58A-4A66-884A-32D1B0B2467F}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{DD79E304-AE76-4C92-B5B3-CD539265FEC1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F3F79924-1899-4531-975B-371D25910E44}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1" = And Yet It Moves 1.2.0 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CCF060E-91A1-4E3C-B376-DACA2D1A358A}" = PDSS.FontInstaller "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68260A58-E952-4182-A26C-A4144B230174}" = Wetter Gadget "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7BDCFCC-E17A-41A4-B5CA-3CBBA241E5B0}_is1" = FluencyCoach 1.0.2.1 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform 
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Audio 
Editor_is1" = AVS Audio Editor 7.1 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "Broken Sword - Director's Cut_is1" = Broken Sword - Director's Cut "Broken Sword - The Sleeping Dragon" = Broken Sword - The Sleeping Dragon "Broken Sword - The Sleeping Dragon_is1" = Broken Sword - The Sleeping Dragon "Broken Sword II - The Smoking Mirror Director's Cut_is1" = Broken Sword II - The Smoking Mirror Director's Cut "Cogs" = Cogs "Gobliiins Pack_is1" = Gobliiins Pack "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Standard) "Machinarium" = Machinarium "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28 "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "quicktime_lite_is1" = QT Lite 4.1.0 "ScummVM_is1" = ScummVM 1.4.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Feeble Files_is1" = The Feeble Files "VirtualCloneDrive" = VirtualCloneDrive "VLMC" = VideoLAN Movie 
Creator "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "8e2028b333c57027" = Patholinguistische Diagnostik bei Sprachentwicklungsstörungen "Dropbox" = Dropbox "Tangram" = Tangram "TimeAdjuster" = Time Adjuster STANDARD 3.1 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.02.2012 09:08:33 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003c311 ID des fehlerhaften Prozesses: 0xa70 Startzeit der fehlerhaften Anwendung: 0x01ccee3e5bd7edb7 Pfad der fehlerhaften Anwendung: C:\Program Files\Launch Manager\WButton.exe Pfad des fehlerhaften Moduls: C:\Program Files\Launch Manager\WButton.exe Berichtskennung: a8a2ee36-5a31-11e1-b921-00262dbec614 Error - 25.02.2012 11:51:04 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a4a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052d24 ID des fehlerhaften Prozesses: 0x6e4 Startzeit der fehlerhaften Anwendung: 0x01ccf3d5450627f1 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 85923c06-5fc8-11e1-955e-00262dbec614 Error - 28.02.2012 12:25:56 | Computer Name = Schack_Jr | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17c4 Startzeit: 01ccf5fced6b24ac Endzeit: 68 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: e0878150-6228-11e1-a939-00262dbec614 Error - 22.03.2012 03:11:25 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003c311 ID des fehlerhaften Prozesses: 0xa34 Startzeit der fehlerhaften Anwendung: 0x01cd07faf251cf16 Pfad der fehlerhaften Anwendung: C:\Program Files\Launch Manager\WButton.exe Pfad des fehlerhaften Moduls: C:\Program Files\Launch Manager\WButton.exe Berichtskennung: 3c05d309-73ee-11e1-baa0-00262dbec614 Error - 26.03.2012 01:59:49 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003c311 ID des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01cd0b1552848080 Pfad der fehlerhaften Anwendung: C:\Program Files\Launch Manager\WButton.exe Pfad des fehlerhaften Moduls: C:\Program Files\Launch Manager\WButton.exe Berichtskennung: e5210253-7708-11e1-b5da-00262dbec614 Error - 15.04.2012 04:01:42 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e310 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000320f0 ID des fehlerhaften Prozesses: 0x1394 Startzeit der 
fehlerhaften Anwendung: 0x01cd1ad785647a9d Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: 3c3aca1f-86d1-11e1-95a5-00262dbec614 Error - 24.04.2012 11:26:34 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2004 Description = Error - 24.04.2012 11:26:34 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2002 Description = Error - 25.04.2012 04:05:59 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2004 Description = Error - 25.04.2012 04:05:59 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2002 Description = [ Media Center Events ] Error - 28.06.2011 09:12:52 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 15:12:42 - EpgListings konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) Error - 11.09.2011 03:29:06 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:29:05 - Fehler beim Herstellen der Internetverbindung. 09:29:06 - Serververbindung konnte nicht hergestellt werden.. Error - 11.09.2011 03:29:25 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:29:11 - Fehler beim Herstellen der Internetverbindung. 09:29:11 - Serververbindung konnte nicht hergestellt werden.. Error - 27.09.2011 03:12:52 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:12:52 - Fehler beim Herstellen der Internetverbindung. 09:12:52 - Serververbindung konnte nicht hergestellt werden.. Error - 27.09.2011 03:13:07 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:12:57 - Fehler beim Herstellen der Internetverbindung. 09:12:57 - Serververbindung konnte nicht hergestellt werden.. 
Error - 13.12.2011 04:33:38 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:33:12 - EpgListings konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 13.01.2012 02:59:42 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 07:59:42 - Fehler beim Herstellen der Internetverbindung. 07:59:42 - Serververbindung konnte nicht hergestellt werden.. Error - 13.01.2012 03:00:02 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 07:59:47 - Fehler beim Herstellen der Internetverbindung. 07:59:47 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 04:52:00 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:52:00 - Fehler beim Herstellen der Internetverbindung. 09:52:00 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 04:52:16 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:52:05 - Fehler beim Herstellen der Internetverbindung. 09:52:05 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = DCOM | ID = 10005 Description = Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = DCOM | ID = 10005 Description = Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 26.04.2012 15:42:59 | Computer Name = Schack_Jr | Source = WMPNetworkSvc | ID = 866300 Description = Error - 26.04.2012 15:46:29 | Computer 
Name = Schack_Jr | Source = BROWSER | ID = 8032 Description = < End of report > Code:
ATTFilter 7-Zip 4.65 23.06.2010 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.06.2010 10.0.45.2 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.04.2012 6,00MB 11.2.202.233 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 12.04.2012 194,3MB 10.1.3 ALDI Foto Service MAGIX AG 22.04.2010 4.5.9.141 ALDI Nord Foto Manager Free MAGIX AG 22.04.2010 6.0.1.491 Aldi Nord Fotoservice 22.04.2010 ALDI Nord Online Druck Service MAGIX AG 22.04.2010 4.5.1.0 And Yet It Moves 1.2.0 Broken Rules 06.08.2011 68,1MB Apple Application Support Apple Inc. 08.03.2011 52,8MB 1.4.1 Apple Software Update Apple Inc. 08.03.2011 2,16MB 2.1.1.116 Ashampoo Burning Studio ashampoo GmbH & Co. KG 21.04.2010 129,0MB 9.23.0 Ashampoo Photo Commander ashampoo GmbH & Co. KG 21.04.2010 114,0MB 8.1.0 Ashampoo Snap ashampoo GmbH & Co. KG 21.04.2010 27,4MB 3.4.0 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 21.04.2010 1.0.0.27 Audacity 1.3.12 (Unicode) Audacity Team 27.11.2010 32,6MB Avira Free Antivirus Avira 15.02.2012 104,4MB 12.0.0.898 AVS Audio Editor 7.1 Online Media Technologies Ltd. 08.11.2011 AVS Screen Capture version 2.0.1 Online Media Technologies Ltd. 15.10.2011 AVS Update Manager 1.0 Online Media Technologies Ltd. 08.11.2011 AVS Video Editor 6 Online Media Technologies Ltd. 15.10.2011 AVS Video Recorder 2.4 Online Media Technologies Ltd. 15.10.2011 AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 08.11.2011 Broken Sword - Director's Cut GOG.com 07.08.2011 Broken Sword - The Sleeping Dragon 17.08.2011 Broken Sword - The Sleeping Dragon GOG.com 18.08.2011 Broken Sword II - The Smoking Mirror Director's Cut GOG.com 12.08.2011 CCleaner Piriform 26.04.2012 3.18 Cisco EAP-FAST Module Cisco Systems, Inc. 21.04.2010 1,15MB 2.2.14 Cisco LEAP Module Cisco Systems, Inc. 21.04.2010 0,48MB 1.0.19 Cisco PEAP Module Cisco Systems, Inc. 
21.04.2010 0,90MB 1.1.6 Cogs 07.08.2011 CorelDRAW Essentials 4 Corel Corporation 21.04.2010 CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 21.04.2010 2,93MB CyberLink LabelPrint CyberLink Corp. 21.04.2010 143,4MB 2.5.2602 CyberLink Power2Go CyberLink Corp. 21.04.2010 104,8MB 6.1.3602c CyberLink PowerDVD Copy CyberLink Corp. 21.04.2010 30,8MB 1.5.1306 CyberLink YouCam CyberLink Corp. 21.04.2010 132,1MB 3.0.2626 Dropbox Dropbox, Inc. 24.02.2012 1.2.52 Firebird SQL Server - MAGIX Edition MAGIX AG 22.04.2010 10,1MB 2.1.23.0 FluencyCoach 1.0.2.1 Janus Development Group 22.01.2012 Gobliiins Pack GOG.com 12.08.2011 Intel(R) Graphics Media Accelerator Driver Intel Corporation 22.04.2010 8.15.10.2086 Intel(R) Management Engine Components Intel Corporation 22.04.2010 6.0.0.1179 Intel(R) Rapid Storage Technology Intel Corporation 22.04.2010 9.6.0.1014 Java(TM) 6 Update 20 Sun Microsystems, Inc. 21.04.2010 97,2MB 6.0.200 JDownloader AppWork UG (haftungsbeschränkt) 21.06.2010 0.89 K-Lite Codec Pack 6.0.4 (Standard) 21.06.2010 39,0MB 6.0.4 Launch Manager V1.5.0.8 Wistron Corp. 21.04.2010 1.5.0.8 Machinarium Amanita Design, s.r.o. 06.08.2011 23.10.09 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 21.04.2012 18,0MB 1.61.0.1400 Matrox VFW Software Codecs, build 28 15.10.2011 MEDION Fotos auf CD & DVD SE Nord MAGIX AG 22.04.2010 8.0.3.4 Medion Home Cinema CyberLink Corp. 
21.04.2010 36,5MB 8.0.1505 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.06.2010 2,94MB 4.0.30319 Microsoft Office Home and Student 2010 Microsoft Corporation 24.10.2011 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 13.02.2012 199,8MB 4.1.10111.0 Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 22.04.2010 0,33MB 3.1.0000 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.04.2010 1,72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.04.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 06.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.04.2010 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.06.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 12,3MB 10.0.40219 Microsoft Works Microsoft Corporation 10.04.2012 1.045MB 9.7.0621 Mozilla Firefox 11.0 (x86 de) Mozilla 19.03.2012 37,0MB 11.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.04.2010 1,35MB 4.20.9876.0 MSXML 4.0 SP3 Parser Microsoft Corporation 22.01.2012 1,48MB 4.30.2100.0 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 23.01.2012 1,53MB 4.30.2107.0 NetSpeedMonitor 2.5.4.0 x86 Florian Gilles 05.08.2011 1,04MB 2.5.4.0 OpenAL 07.08.2011 Patholinguistische Diagnostik bei Sprachentwicklungsstörungen Patholinguistische Diagnostik 27.03.2012 1.3.0.3 PDSS.FontInstaller Copyright © Elsevier GmbH 2011 
27.03.2012 49,00KB 2.3.0 PlayReady PC Runtime x86 Microsoft Corporation 21.06.2010 1,65MB 1.3.0 QT Lite 4.1.0 14.10.2011 37,5MB 4.1.0 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.04.2010 6.0.1.6083 Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 21.04.2010 6.1.7600.30117 REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 21.04.2010 1.00.0145 ScummVM 1.4.0 The ScummVM Team 30.11.2011 23,2MB Shutdown Timer Sinvise Systems 22.10.2011 7,38MB 3.1 Skype™ 5.5 Skype Technologies S.A. 06.11.2011 17,0MB 5.5.124 Synaptics Pointing Device Driver Synaptics Incorporated 21.04.2010 14.0.19.0 Tangram Four2B GmbH 20.10.2010 The Feeble Files GOG.com 07.08.2011 The Longest Journey 12.08.2011 Time Adjuster STANDARD 3.1 IrekSoftware.com 08.01.2011 Unity Web Player Unity Technologies ApS 13.11.2010 12,0MB 2.6.1f3_31223 USB2.0 ATV Regulus 22.10.2011 6.10.000.001 USB2.0 Grabber Youyan 22.10.2011 7.12.000.002 VideoLAN Movie Creator 22.10.2011 VirtualCloneDrive Elaborate Bytes 11.12.2010 Wetter Gadget wetter.de 04.10.2011 1,54MB 1.0.15 Windows Live Essentials Microsoft Corporation 14.10.2011 15.4.3538.0513 Windows Live Sync Microsoft Corporation 04.02.2011 2,79MB 14.0.8117.416 Windows Media Encoder 9 Series 21.04.2010 X10 Hardware(TM) 21.06.2010 ChronoJon |
27.04.2012, 05:48 | #4 | |
/// Helper Team | Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator
System cleanup and check:
1. Did you deliberately set this IP as a proxy?
In Internet Explorer: Tools => Internet Options => Connections => LAN settings: remove the check marks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
Code:
ATTFilter
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bibliothek.fh-fresenius.de:8080

Tools => Options => Advanced => Network => Settings. There, under Connection Settings, tick "No proxy".
Code:
ATTFilter
FF - prefs.js..network.proxy.backup.ftp: "217.17.29.34"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "217.17.29.34"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "217.17.29.34"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "217.17.29.34"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "217.17.29.34"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "217.17.29.34"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "217.17.29.34"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "217.17.29.34"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "217.17.29.34"
FF - prefs.js..network.proxy.ssl_port: 8080

If you have not installed a proxy server locally, remove the proxy settings from the Internet settings.
2. Quote:
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AF56D317-6C7A-420E-8EE7-36E7B0760420}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "CHIP Online Suche"
[2011.11.02 23:10:10 | 000,002,122 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\chip-online-suche.xml
[2010.06.22 17:49:41 | 000,001,504 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\imdb.xml
[2010.09.06 16:39:25 | 000,002,661 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\opensubtitles.xml
[2010.06.25 21:26:17 | 000,000,961 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\shareminercom.xml
[2011.09.05 00:04:42 | 000,002,006 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\urban-dictionary.xml
[2010.07.26 00:08:39 | 000,001,330 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wikipedia-en.xml
[2011.02.10 17:26:16 | 000,002,446 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wiktionary-de.xml
[2010.06.22 17:49:20 | 000,004,140 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\youtube.xml
[2011.05.07 15:15:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 15:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.07 15:15:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 15:15:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 15:15:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\Shell - "" = AutoRun
O33 - MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\Shell\AutoRun\command - "" = F:\RUNME.bat
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:548232DE
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Your Java version is out of date! Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions: → Control Panel → Programs → uninstall... → restart the computer → Now download the offline version of Java ("Recommended Version 6 Update 31") from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!
4. Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Change the Explorer's default search engine
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?
-> Managing add-ons in Internet Explorer
-> Customizing Firefox with add-ons
-> Permanently deleting Firefox add-ons | PcBeirat.de
5. Clean your system with CCleaner:
6.
7. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off entirely. ►Instructions
8. -> Then run a complete system check with the Eset Online Scanner (NOD32) (free online scanner). Attention!: >>You should not install the antivirus security software, only scan your system online<<
9. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
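The proxy check from step 1 of the post above, as an added example that is not part of the thread: it reads OTL-style `IE -` and `FF - prefs.js..network.proxy.*` lines and lists every configured proxy endpoint that is not on an allowlist. The log lines are copied from the excerpts quoted in this thread; the function names and the allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the OTL excerpts quoted in this thread.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bibliothek.fh-fresenius.de:8080
FF - prefs.js..network.proxy.ftp: "217.17.29.34"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "217.17.29.34"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co"
FF - prefs.js..network.proxy.socks: "217.17.29.34"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "217.17.29.34"
FF - prefs.js..network.proxy.ssl_port: 8080
'''

# Assumption for this example: the only proxy the owner expects to see.
EXPECTED = {"bibliothek.fh-fresenius.de:8080"}

IE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<value>.*)$')
FF_HOST_KEYS = ("ftp", "gopher", "http", "socks", "ssl")


def parse_proxy_settings(log_text):
    """Collect the raw proxy values per browser from OTL-style log lines."""
    found = {"IE": {}, "FF": {}}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            found["IE"][m["name"]] = m["value"].strip()
            continue
        m = FF_RE.match(line)
        if m:
            found["FF"][m["key"]] = m["value"].strip().strip('"')
    return found


def configured_proxies(found):
    """Return (browser, scheme, 'host:port', active) tuples.

    active is True/False for IE (from ProxyEnable) and None when the log
    does not say, which is always the case for Firefox here because
    network.proxy.type is not part of the excerpt.
    """
    result = []
    ie = found["IE"]
    if ie.get("ProxyServer"):
        enable = ie.get("ProxyEnable")
        active = None if enable is None else enable != "0"
        # ProxyServer is "host:port" or "http=host:port;https=host:port".
        for part in ie["ProxyServer"].split(";"):
            scheme, _, endpoint = part.rpartition("=")
            result.append(("IE", scheme or "all", endpoint.strip(), active))
    ff = found["FF"]
    for key in FF_HOST_KEYS:
        host = ff.get(key)
        if not host:
            continue
        port = ff.get(key + "_port", "")
        result.append(("FF", key, f"{host}:{port}" if port else host, None))
    return result


def review(log_text, expected):
    """Map each endpoint that is not on the allowlist to where it is set."""
    unexpected = defaultdict(list)
    for browser, scheme, endpoint, _active in configured_proxies(
        parse_proxy_settings(log_text)
    ):
        if endpoint.lower() not in expected:
            unexpected[endpoint].append(f"{browser}:{scheme}")
    return dict(unexpected)


if __name__ == "__main__":
    for endpoint, places in review(SAMPLE_LOG, EXPECTED).items():
        print(f"review: {endpoint} set in {', '.join(places)}")
```

An endpoint reported here is only a prompt to ask the owner, as the helper does in step 1; a stored value with `ProxyEnable = 0` is configured but not in use.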
29.04.2012, 19:35 | #5 |
| Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator
Re 1) The Fresenius proxy was set up manually and has to do with my girlfriend's university network. The Firefox proxy settings are probably from Stealthy, a Firefox add-on for getting around country blocks on YouTube and the like. For the university proxy she uses FoxyProxy in Firefox.
Re 2) OTL: Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF56D317-6C7A-420E-8EE7-36E7B0760420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF56D317-6C7A-420E-8EE7-36E7B0760420}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "CHIP Online Suche" removed from browser.search.selectedEngine
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\chip-online-suche.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\imdb.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\opensubtitles.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\shareminercom.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\urban-dictionary.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wikipedia-en.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\wiktionary-de.xml moved successfully.
C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\h7wflwku.default\searchplugins\youtube.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2455cedb-0601-11e0-8c5e-00262dbec614}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2455cedb-0601-11e0-8c5e-00262dbec614}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2455cedb-0601-11e0-8c5e-00262dbec614}\ not found. File F:\RUNME.bat not found. ADS C:\ProgramData\Temp:548232DE deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Nele\Desktop\Anti\cmd.bat deleted successfully. C:\Users\Nele\Desktop\Anti\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nele ->Temp folder emptied: 1236099543 bytes ->Temporary Internet Files folder emptied: 260611644 bytes ->Java cache emptied: 3087159 bytes ->FireFox cache emptied: 784635676 bytes ->Flash cache emptied: 298367 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 114782892 bytes RecycleBin emptied: 59132070 bytes Total Files Cleaned = 2.345,00 mb OTL by OldTimer - Version 3.2.42.1 log created on 04292012_131615 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Java ist jetzt aktuallisiert. Aber eigentlich läuft immer Auto-Update und ich habe meiner Freundin gesagt, dass sie das immer bestätigen soll. Zu 5) Ich habe mit CCleaner alles bereinigt. Zu 6) SuperAntiSpyware Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 04/29/2012 bei 04:58 PM
Version der Applikation : 5.0.1148
Version der Kern-Datenbank : 8528
Version der Spur-Datenbank : 6340
Scan Art : kompletter Scann
Totale Scann-Zeit : 00:49:34
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Gescannte Speicherelemente : 686
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 35850
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 47036
Erfasste Datei-Elemente : 0

ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=836d93b022b08140a61afe2b31719338
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-29 05:37:39
# local_time=2012-04-29 07:37:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 16961542 16961542 0 0
# compatibility_mode=5893 16776573 100 94 15657 87344517 0 0
# compatibility_mode=8192 67108863 100 0 766 766 0 0
# scanned=188925
# found=0
# cleaned=0
# scan_time=7733

OTL Code:
ATTFilter OTL logfile created on: 29.04.2012 20:17:47 - Run 2 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Nele\Desktop\Anti Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 53,67% Memory free 5,73 Gb Paging File | 4,33 Gb Available in Paging File | 75,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 24,17 Gb Free Space | 9,05% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 19,06 Gb Free Space | 63,53% Space Free | Partition Type: NTFS Computer Name: SCHACK_JR | User Name: Nele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.26 23:32:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nele\Desktop\Anti\OTL.exe PRC - [2012.03.20 09:51:47 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.04.06 17:58:46 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) 
-- C:\Programme\Launch Manager\OSD.exe PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.03.20 09:51:47 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.15 08:50:57 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.03.09 11:11:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2012.02.16 00:46:10 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] 
(Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.16 13:59:44 | 001,521,544 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.24 17:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.03.04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010.02.04 13:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2010.02.03 05:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2004.06.03 21:10:36 | 000,033,792 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvc.sys -- (PIXMCV) DRV - [2004.03.27 01:56:10 | 000,032,768 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvv.sys -- (PIXMCVV) DRV - [2004.03.20 05:27:26 | 000,038,144 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcva.sys -- (PIXMCVA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bibliothek.fh-fresenius.de:8080 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3 FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:1.0.0 FF - prefs.js..extensions.enabledItems: 
simpletimer@grbradt.org:1.10 FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.6 FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1 FF - prefs.js..extensions.enabledItems: zoteroscholarcitations@beloglazov.info:1.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..network.proxy.backup.ftp: "217.17.29.34" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "217.17.29.34" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "217.17.29.34" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "217.17.29.34" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "217.17.29.34" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "217.17.29.34" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "217.17.29.34" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "217.17.29.34" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "217.17.29.34" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nele\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.01.19 21:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 09:51:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 13:27:34 | 000,000,000 | ---D | M] [2010.08.13 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Extensions [2010.08.13 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.26 23:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions [2012.03.30 09:58:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.18 19:07:45 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\2020Player@2020Technologies.com [2011.09.17 10:34:42 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\2020Player_IKEA@2020Technologies.com [2012.03.18 13:22:33 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\foxyproxy@eric.h.jung [2012.02.17 19:55:12 | 000,000,000 | ---D | M] (Zotero) -- 
C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\zotero@chnm.gmu.edu [2012.03.18 13:22:35 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\h7wflwku.default\extensions\zoteroWinWordIntegration@zotero.org [2012.04.29 13:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.29 13:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.29 13:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\SIMPLETIMER@GRBRADT.ORG.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI () (No name found) -- C:\USERS\NELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7WFLWKU.DEFAULT\EXTENSIONS\ZOTEROSCHOLARCITATIONS@BELOGLAZOV.INFO.XPI [2012.03.20 09:51:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.29 13:41:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.07 15:15:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Citavi Picker... 
- file://C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html File not found O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - 
Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.04.29 17:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.04.29 14:52:58 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\SUPERAntiSpyware.com [2012.04.29 14:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.04.29 14:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.04.29 14:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.04.29 13:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.04.29 13:41:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.04.29 13:41:48 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2012.04.29 13:41:48 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.04.29 13:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.04.29 13:16:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.27 00:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.04.27 00:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.04.25 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\Anti [2012.04.23 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\Berichte [2012.04.22 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Malwarebytes [2012.04.22 23:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.22 23:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.22 23:05:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.22 23:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.22 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\2012-04-22 PDSS [2012.04.22 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\2012-04-19 titel [2012.04.11 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.11 12:16:47 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.11 12:16:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.11 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.11 12:16:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.11 12:16:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.11 12:11:24 | 003,968,368 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\ntkrnlpa.exe [2012.04.11 12:11:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.31 15:08:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe ========== Files - Modified Within 30 Days ========== [2012.04.29 19:28:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.29 17:13:22 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.29 17:13:22 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.29 17:11:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.29 17:11:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.29 17:11:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.29 17:11:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.29 17:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.29 17:05:55 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012.04.29 14:46:56 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.04.29 14:20:13 | 000,172,092 | ---- | M] () -- C:\Users\Nele\Documents\cc_20120429_141959.reg [2012.04.29 13:41:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.04.29 13:41:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.04.29 13:41:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.04.29 13:41:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\deployJava1.dll [2012.04.27 00:02:52 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.25 09:27:23 | 000,000,000 | ---- | M] () -- C:\Users\Nele\defogger_reenable [2012.04.22 23:05:18 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.22 12:23:24 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001D5A.LCS [2012.04.15 17:17:47 | 000,360,835 | ---- | M] () -- C:\Users\Nele\Desktop\mottiertest.pdf [2012.04.15 08:50:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.04.15 08:50:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.04.29 14:46:56 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.04.29 14:20:05 | 000,172,092 | ---- | C] () -- C:\Users\Nele\Documents\cc_20120429_141959.reg [2012.04.27 00:02:52 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.25 09:27:23 | 000,000,000 | ---- | C] () -- C:\Users\Nele\defogger_reenable [2012.04.22 23:05:18 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.15 17:17:47 | 000,360,835 | ---- | C] () -- C:\Users\Nele\Desktop\mottiertest.pdf [2012.03.31 15:08:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011.10.23 12:06:02 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys [2011.10.23 09:59:43 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe [2011.10.23 09:59:43 | 000,025,608 | ---- | C] () -- C:\Windows\System32\drivers\StkCSam.sys [2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 20:30:00 | 000,104,796 | ---- | C] 
() -- C:\Windows\System32\igfcg575m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.24 23:37:33 | 000,014,848 | ---- | C] () -- C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.23 15:36:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.22 22:57:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.06.22 22:02:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.06.22 18:00:25 | 000,000,000 | ---- | C] () -- C:\Users\Nele\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.10.07 18:20:10 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Ashampoo [2011.11.09 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Audacity [2011.08.07 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Broken Rules [2012.04.29 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Dropbox [2011.08.08 07:34:32 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Lazy 8 Studios [2010.06.22 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\MAGIX [2012.04.29 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\NetSpeedMonitor [2012.04.22 12:23:22 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\ProtectDisc [2011.12.01 10:21:19 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\ScummVM [2011.10.23 03:22:59 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Sinvise Systems [2011.01.02 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Swiss Academic Software [2010.06.22 18:01:10 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Template [2011.01.22 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Thunderbird [2012.04.16 07:16:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 29.04.2012 20:17:47 - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Nele\Desktop\Anti
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 53,67% Memory free
5,73 Gb Paging File | 4,33 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 24,17 Gb Free Space | 9,05% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 19,06 Gb Free Space | 63,53% Space Free | Partition Type: NTFS

Computer Name: SCHACK_JR | User Name: Nele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized 
Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07A7BB90-94EB-42A0-BB3D-CC707FF873E4}" = lport=445 | protocol=6 | dir=in | app=system | "{0C9A92EF-9EDB-4675-A281-F3E915C360B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1AA29434-8FA7-4408-8672-1827EDC28E13}" = rport=445 | protocol=6 | dir=out | app=system | "{1CC6F20D-5377-4207-97F6-D63B35D06438}" = lport=139 | protocol=6 | dir=in | app=system | "{219FBBC2-33E2-4501-BAB3-87E8BAF35D45}" = lport=2869 | protocol=6 | dir=in | app=system | "{2F1CF472-75D0-4210-B074-AE153D79715C}" = rport=10243 | protocol=6 | dir=out | app=system | "{345DD22E-8646-4E2B-9FCE-427854C0D01A}" = lport=138 | protocol=17 | dir=in | app=system | "{34759FA1-AD15-4E1B-83F6-16EC415F224B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{431CF4BD-F4C3-40A1-94BF-78DA587081BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5E0AF8C6-A76B-4297-B668-F384BA7207A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{739BAB64-811D-4F4D-9ED5-895BA6F27B1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7663145F-2C57-403B-99BE-DECB82362E67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{879ED60B-3953-4309-A0D3-3D86196D6955}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A92827B-4B40-4DE1-A200-BECC3ADB6BD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{92922AD5-22C3-45FE-A8FA-040E1C48A942}" = rport=138 | protocol=17 | dir=out | app=system | "{970BE2D1-9EA6-434C-9224-09920AA85634}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A725CCE6-46F4-41A3-9C69-FB42BEBE6918}" = lport=10243 | protocol=6 | dir=in | app=system | "{A8FB3D88-7572-4F18-9549-7DDD2EC7F754}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF78D111-8032-4E0B-B56D-BB38943162EC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5266201-B30D-46F7-B96A-164C9DED1220}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD1F6E10-A3DF-4F05-B1C6-0EF69A873AD0}" = rport=139 | protocol=6 | dir=out | app=system | "{DD38B9BD-9242-488E-A75A-CBB888B96242}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0C04847-E84A-45E2-AD10-D93BB397D099}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED7B1FE2-E61E-485D-8DE1-609D7D34C62C}" = rport=137 | protocol=17 | dir=out | app=system | "{F7106C57-FDA8-4B42-AE1B-550FAFB9688E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B2D6B4F-8F0E-4F50-8D9A-A7FD87A65C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0C38E39E-ECA9-4F28-9AD1-97045861C70D}" = protocol=6 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "{109B609F-9AE6-4399-8C97-630373DD4A24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2729903B-259D-4346-B529-D50EA035BB55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{37BD6AB5-379F-40E3-AC88-7370E963219E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{59810A99-3D23-49F3-B195-FE296DA752B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{746E68DE-6CF9-40EE-AFC3-A4E45D186C95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{82D0373E-C4B6-4FFB-A749-AD9F683E2908}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8434744C-7D9A-407C-8147-C51771463519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{890744D9-1879-4741-A24B-F451B3071B3D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{8F4A467A-D5BE-49F8-A043-C23DB585B6C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{97E3249B-9623-43AA-9E56-C913513A2893}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B44E7248-3EE4-43EC-AAC3-02D63E33130E}" = protocol=6 | dir=out | app=system | "{C508FB88-4D11-473B-AE6D-70C5C70AD6BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C8CD224F-2AC5-40EB-94D8-A22A13133E51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CA02B5E2-88BF-4B51-B3D3-F7C470CFEE6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DDD8E63F-BFE0-4C5D-A009-99200CE6C738}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E195C058-8906-47F3-A7AA-6748599C6BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5F8F8BC-C36F-4D7F-8072-350C05699281}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E8A78A7B-F160-461D-BC88-75CB3236A1EB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{E929EB44-B9E6-416B-87D7-B7EDF10257C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E965A0BE-FD11-41EB-8DD9-EB0A94A55E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE70A816-A8F5-4544-AFB1-F060E5942E17}" = protocol=17 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "{F50687E8-33E2-46EB-9885-01261215ED86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query 
User{1938DDC7-D450-4625-811D-CC1A030BDEF9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{343166C6-C58A-4A66-884A-32D1B0B2467F}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{DD79E304-AE76-4C92-B5B3-CD539265FEC1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F3F79924-1899-4531-975B-371D25910E44}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1" = And Yet It Moves 1.2.0 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CCF060E-91A1-4E3C-B376-DACA2D1A358A}" = PDSS.FontInstaller "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68260A58-E952-4182-A26C-A4144B230174}" = Wetter Gadget "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = 
Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7BDCFCC-E17A-41A4-B5CA-3CBBA241E5B0}_is1" = FluencyCoach 1.0.2.1 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension 
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Audio Editor_is1" = AVS Audio Editor 7.1 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS 
Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "Broken Sword - Director's Cut_is1" = Broken Sword - Director's Cut "Broken Sword - The Sleeping Dragon" = Broken Sword - The Sleeping Dragon "Broken Sword - The Sleeping Dragon_is1" = Broken Sword - The Sleeping Dragon "Broken Sword II - The Smoking Mirror Director's Cut_is1" = Broken Sword II - The Smoking Mirror Director's Cut "CCleaner" = CCleaner "Cogs" = Cogs "ESET Online Scanner" = ESET Online Scanner v3 "Gobliiins Pack_is1" = Gobliiins Pack "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Standard) "Machinarium" = Machinarium "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28 "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "quicktime_lite_is1" = QT Lite 4.1.0 "ScummVM_is1" = ScummVM 1.4.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Feeble Files_is1" = The Feeble Files "VirtualCloneDrive" = VirtualCloneDrive "VLMC" = VideoLAN Movie Creator "Windows Media Encoder 9" = 
Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "8e2028b333c57027" = Patholinguistische Diagnostik bei Sprachentwicklungsstörungen "Dropbox" = Dropbox "Tangram" = Tangram "TimeAdjuster" = Time Adjuster STANDARD 3.1 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2012 12:25:56 | Computer Name = Schack_Jr | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17c4 Startzeit: 01ccf5fced6b24ac Endzeit: 68 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: e0878150-6228-11e1-a939-00262dbec614 Error - 22.03.2012 03:11:25 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003c311 ID des fehlerhaften Prozesses: 0xa34 Startzeit der fehlerhaften Anwendung: 0x01cd07faf251cf16 Pfad der fehlerhaften Anwendung: C:\Program Files\Launch Manager\WButton.exe Pfad des fehlerhaften Moduls: C:\Program Files\Launch Manager\WButton.exe Berichtskennung: 3c05d309-73ee-11e1-baa0-00262dbec614 Error - 26.03.2012 01:59:49 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.2, Zeitstempel: 0x4b4d2d75 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003c311 ID des 
fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01cd0b1552848080 Pfad der fehlerhaften Anwendung: C:\Program Files\Launch Manager\WButton.exe Pfad des fehlerhaften Moduls: C:\Program Files\Launch Manager\WButton.exe Berichtskennung: e5210253-7708-11e1-b5da-00262dbec614 Error - 15.04.2012 04:01:42 | Computer Name = Schack_Jr | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e310 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000320f0 ID des fehlerhaften Prozesses: 0x1394 Startzeit der fehlerhaften Anwendung: 0x01cd1ad785647a9d Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: 3c3aca1f-86d1-11e1-95a5-00262dbec614 Error - 24.04.2012 11:26:34 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2004 Description = Error - 24.04.2012 11:26:34 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2002 Description = Error - 25.04.2012 04:05:59 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2004 Description = Error - 25.04.2012 04:05:59 | Computer Name = Schack_Jr | Source = PerfNet | ID = 2002 Description = Error - 29.04.2012 08:24:57 | Computer Name = Schack_Jr | Source = Windows Search Service | ID = 7040 Description = Error - 29.04.2012 08:24:57 | Computer Name = Schack_Jr | Source = Windows Search Service | ID = 7042 Description = [ Media Center Events ] Error - 28.06.2011 09:12:52 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 15:12:42 - EpgListings konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
Error - 11.09.2011 03:29:06 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:29:05 - Fehler beim Herstellen der Internetverbindung. 09:29:06 - Serververbindung konnte nicht hergestellt werden.. Error - 11.09.2011 03:29:25 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:29:11 - Fehler beim Herstellen der Internetverbindung. 09:29:11 - Serververbindung konnte nicht hergestellt werden.. Error - 27.09.2011 03:12:52 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:12:52 - Fehler beim Herstellen der Internetverbindung. 09:12:52 - Serververbindung konnte nicht hergestellt werden.. Error - 27.09.2011 03:13:07 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:12:57 - Fehler beim Herstellen der Internetverbindung. 09:12:57 - Serververbindung konnte nicht hergestellt werden.. Error - 13.12.2011 04:33:38 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:33:12 - EpgListings konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 13.01.2012 02:59:42 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 07:59:42 - Fehler beim Herstellen der Internetverbindung. 07:59:42 - Serververbindung konnte nicht hergestellt werden.. Error - 13.01.2012 03:00:02 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 07:59:47 - Fehler beim Herstellen der Internetverbindung. 07:59:47 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 04:52:00 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:52:00 - Fehler beim Herstellen der Internetverbindung. 09:52:00 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 04:52:16 | Computer Name = Schack_Jr | Source = MCUpdate | ID = 0 Description = 09:52:05 - Fehler beim Herstellen der Internetverbindung. 09:52:05 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:14:56 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = DCOM | ID = 10005 Description = Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = DCOM | ID = 10005 Description = Error - 25.04.2012 07:23:11 | Computer Name = Schack_Jr | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 26.04.2012 15:42:59 | Computer Name = Schack_Jr | Source = WMPNetworkSvc | ID = 866300 Description = Error - 26.04.2012 15:46:29 | Computer 
Name = Schack_Jr | Source = BROWSER | ID = 8032 Description = < End of report > Regards, ChronoJon |
30.04.2012, 00:56 | #6 | |
/// Helper Team | Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator 1. Quote:
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
► Report again on the state of the computer. Are there still problems, and if so, which ones?
30.04.2012, 10:26 | #7 |
| Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator That was quick Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nele\Desktop\Anti\cmd.bat deleted successfully.
C:\Users\Nele\Desktop\Anti\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nele
->Temp folder emptied: 111901 bytes
->Temporary Internet Files folder emptied: 566399 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54967113 bytes
->Flash cache emptied: 456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526720 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 54,00 mb
OTL by OldTimer - Version 3.2.42.1 log created on 04302012_104047
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
30.04.2012, 14:56 | #8 |
/// Helper Team | Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator ► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
02.05.2012, 07:07 | #9 |
| Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator Good morning, the computer has now been in use again for a few days and apparently no longer causes any problems. Once again, many, many thanks for the help! Regards, ChronoJon |
02.05.2012, 15:02 | #10 | |
/// Helper Team | Rogue.ControlCenter and ADWARE/Adware.Gen after installing PDFCreator 1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
CCleaner
2. Tool cleanup with OTL: We will now use OTL's CleanUp! function to delete from your system most of the programs we installed for the cleanup.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is affected as well. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed. So please do the following:
4. As a precaution, I would advise you to change your passwords (this should be done every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (these should really be changed at regular intervals, roughly every 3-5 months); see also: Secure password (Password)
5. ► Please check whether there are new updates for Windows: Microsoft Update keeps your computer up to date! Reading material no. 1:
** Common sense, together with securely configuring Windows and Internet software, is the best route to security on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account. Regards, kira