| |
| |||||||
Log-Analyse und Auswertung: TR/ATRAPS.Gen VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.05.2012, 17:03
| #16 |
 |  TR/ATRAPS.Gen Virus Hallo kira, anbei das Protokoll von ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 12-05-06.01 - Sebsch 06.05.2012 17:29:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3581.2347 [GMT 2:00]
ausgeführt von:: c:\users\Sebsch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Sebsch\AppData\Local\assembly\tmp
c:\users\Sebsch\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-06 bis 2012-05-06 ))))))))))))))))))))))))))))))
.
.
2012-05-06 15:35 . 2012-05-06 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 15:04 . 2012-05-04 15:04 -------- d-----w- c:\program files\Common Files\Skype
2012-05-04 13:19 . 2012-05-04 13:19 89088 ----a-w- c:\windows\system32\mbr.exe
2012-05-02 15:06 . 2012-05-02 15:06 -------- d-----w- c:\users\Sebsch\AppData\Roaming\SUPERAntiSpyware.com
2012-05-02 15:06 . 2012-05-02 15:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-02 15:06 . 2012-05-02 15:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-02 05:58 . 2012-05-02 05:58 -------- d-----w- C:\_OTL
2012-04-30 14:55 . 2012-04-30 14:55 -------- d-----w- c:\program files\CCleaner
2012-04-30 14:41 . 2012-04-30 14:41 -------- d-----w- c:\users\Sebsch\AppData\Roaming\Malwarebytes
2012-04-30 14:40 . 2012-04-30 14:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-29 18:56 . 2012-04-29 18:56 -------- d-----w- c:\program files\7-Zip
2012-04-11 15:35 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 14:50 . 2012-04-03 21:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 14:50 . 2011-06-29 15:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-01 07:26 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A35E958A-37ED-4305-9903-A889203C540A}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-10 19:04 . 2010-05-10 10:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-03 10:50 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 21:34 . 2011-10-17 17:47 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-13 20:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 20:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 20:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 20:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 20:42 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 68856]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Sebsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-8-13 679936]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-13 13:19 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Sebsch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Sebsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-03-01 21:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2007-04-17 05:59 2887680 ----a-w- c:\program files\Electronic Arts\EA Link\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-04-04 05:05 954256 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-04-04 05:05 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-04-04 05:05 3521424 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:50]
.
2011-03-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} - hxxps://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-06 17:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3641376579-2534570002-3142245224-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,d5,9d,35,fa,0a,06,f3,5a,88,31,ab,4b,5c,d4,e7,1d,56,9e,97,77,
90,0d,06,9e,7c,22,74,6a,d2,a9,80,bc,59,22,98,78,04,97,d4,b8,c3,1f,90,13,ca,\
"rkeysecu"=hex:83,ee,5b,36,af,d8,94,ea,b8,91,30,01,ef,b1,b7,f4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(716)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\WLANExt.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-06 17:44:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-06 15:44
.
Vor Suchlauf: 15 Verzeichnis(se), 62.524.706.816 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 62.285.496.320 Bytes frei
.
- - End Of File - - FF1914D2BF11C9B670A9D5A67291F948
Und hier das Log "Add-Remove Programs": Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958)
[verify-U]_AVS_IE_Plugin
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Software Update
Avira Free Antivirus
Browser Address Error Redirector
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
CDDRV_Installer
CDex - Open Source Digital Audio CD Extractor
Compatibility Pack für 2007 Office System
DeepBurner v1.9.0.228
Dell Dock
Dell Driver Download Manager
Dell Handbuch zum Einstieg
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DJ_AIO_03_F4200_Software_Min
EA Link
EDocs
FileZilla Client 3.3.0.1
Free Video Flip and Rotate version 1.8.13.804
FreePDF (Remove only)
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Gothic III
GoToAssist 8.0.0.514
GPL Ghostscript 8.70
HD View
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Deskjet F4200 All-In-One Driver 11.0 03
Huawei modem - Windows Driver 2.62 installer
ICQ7.2
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
Java DB 10.4.2.1
KhalSetup
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar
Live! Cam Avatar Creator
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mMHouse
mPfMgr
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NVIDIA 3D Vision Treiber 260.99
NVIDIA Grafiktreiber 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 260.99
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 260.99
PC SpeedScan Pro
PDF Settings CS5
PHOTOfunSTUDIO 5.0 HD Edition
Photosynth 2.0110.0317.1042
Picasa 3
Protector Suite QL 5.6
QuickSet
QuickTime
ratDVD 0.78.1444
RedMon - Redirection Port Monitor
Samsung AllShare
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
SILKYPIX Developer Studio 3.1 SE
Skype™ 5.8
SPEEDLINK Strike 2 Gamepad
SUPERAntiSpyware
System Requirements Lab
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
Ubisoft Game Launcher
Unity Web Player
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VLC media player 1.1.11
WIDCOMM Bluetooth Software 6.0.1.3100
Winamp
Windows Driver Package - Intel (NETw5v32) net (09/25/2008 12.1.2.1)
Windows Live ID-Anmelde-Assistent
Windows Media Player Firefox Plugin
WinRAR
WISO Steuer-Sparbuch 2012
Xvid 1.1.3 final uninstall
Zattoo4 4.0.5
Sebsch Hallo kira, hier noch die Protokolle von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.05.2012 17:53:57 - Run 5 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Sebsch\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 63,86% Memory free 7,18 Gb Paging File | 5,91 Gb Available in Paging File | 82,42% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 132,37 Gb Total Space | 57,96 Gb Free Space | 43,79% Space Free | Partition Type: NTFS Drive D: | 87,89 Gb Total Space | 28,32 Gb Free Space | 32,22% Space Free | Partition Type: NTFS Computer Name: SEBSCH-PC | User Name: Sebsch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Users\Sebsch\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll () MOD - C:\Users\Sebsch\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7caccb6fde6845f2f903195b8e5c8799\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\bbe9fdfd4f3c530482bedb59ed0da62a\DellDock.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\01fcac1cc89077fe7d16d08b62870ec4\VistaBridgeLibrary.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\1e4233567342c390200bc2f64b7c5b41\MyDock.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\32f4b9aa5accef0f0b9634f612045b69\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Windows\System32\btwhidcs.dll () ========== Win32 Services (SafeList) ========== SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SamsungAllShareV2.0) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (UimBus) -- system32\DRIVERS\UimBus.sys File not found DRV - (Uim_IM) -- System32\Drivers\Uim_IM.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (aj5o5so4) -- File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (iaNvStor) Intel(R) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 BF AC 96 7C 28 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Sebsch\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.02.07 14:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebsch\AppData\Roaming\mozilla\Extensions [2008.09.05 19:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebsch\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.07.05 18:01:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sebsch\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sebsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Download Support = C:\Users\Sebsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmhgfjmgbboimijeicldincaijdopcm\1.4.2.1_0\ O1 HOSTS File: ([2012.05.06 17:35:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: ([verify-U]_Plugin) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Plugin\[verify-U]_AVS.dll (Cybits AG) O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Sebsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\d3dy7i1mb.dll () O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37011C7B-B713-49DE-BCA6-FF0A478463C4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{949FCC64-36D0-404A-9ED0-10BE82245510}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: D:\Bild\###Kameratests\Hot Frosty Buzz by Miles Morgan.JPG O24 - Desktop BackupWallPaper: D:\Bild\###Kameratests\Hot Frosty Buzz by Miles Morgan.JPG O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.06 17:51:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.05.06 17:37:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.06 17:27:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.05.06 17:27:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.05.06 17:27:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.05.06 17:27:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.05.06 17:26:59 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.05.06 17:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.06 17:16:57 | 004,485,446 | R--- | C] (Swearware) -- C:\Users\Sebsch\Desktop\ComboFix.exe [2012.05.04 19:18:17 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sebsch\Desktop\TDSSKiller.exe [2012.05.04 17:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.05.04 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.05.02 17:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sebsch\AppData\Roaming\SUPERAntiSpyware.com [2012.05.02 17:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.02 17:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.05.02 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.02 07:58:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.30 16:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.04.30 16:41:00 | 000,000,000 | ---D | C] -- C:\Users\Sebsch\AppData\Roaming\Malwarebytes [2012.04.30 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.29 20:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.04.29 20:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.04.29 19:26:24 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sebsch\Desktop\OTL.exe [2012.04.11 18:16:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.11 18:16:57 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.11 18:16:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.11 18:16:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.11 18:16:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.11 18:16:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.11 18:16:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.11 18:16:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.05.06 17:51:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.06 17:51:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.06 17:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.06 17:51:32 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys [2012.05.06 17:50:53 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.06 17:44:49 | 000,598,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.06 17:44:48 | 000,632,256 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.06 17:44:48 | 000,127,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.06 17:44:48 | 000,104,918 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.06 17:43:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.06 17:35:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.05.06 17:17:20 | 004,485,446 | R--- | M] (Swearware) -- C:\Users\Sebsch\Desktop\ComboFix.exe [2012.05.06 16:50:32 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.05.06 16:50:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.05.04 19:36:55 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk [2012.05.04 15:19:39 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.05.02 17:06:11 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.02 17:03:30 | 000,001,673 | ---- | M] () -- C:\Users\Sebsch\Desktop\Zattoo.lnk [2012.05.02 17:02:49 | 000,017,408 | ---- | M] () -- C:\Users\Sebsch\AppData\Local\WebpageIcons.db [2012.05.02 16:55:28 | 000,400,616 | ---- | M] () -- C:\Users\Sebsch\Documents\cc_20120502_165513.reg [2012.05.02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sebsch\Desktop\TDSSKiller.exe [2012.05.01 12:54:08 | 000,000,788 | ---- | M] () -- C:\Windows\wiso.ini [2012.04.30 16:55:38 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.29 20:09:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sebsch\Desktop\OTL.exe [2012.04.27 18:09:19 | 001,139,745 | ---- | M] () -- C:\Users\Sebsch\Desktop\TV_bracket_manual_tcm44-48802.pdf [2012.04.26 16:58:10 | 000,000,680 | ---- | M] () -- C:\Users\Sebsch\AppData\Local\d3d9caps.dat [2012.04.20 22:40:45 | 003,737,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.05.06 17:27:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.05.06 17:27:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.05.06 17:27:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.05.06 17:27:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.05.06 17:27:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.04 15:19:38 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.05.02 17:06:11 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.02 17:03:30 | 000,001,673 | ---- | C] () -- C:\Users\Sebsch\Desktop\Zattoo.lnk [2012.05.02 16:55:17 | 000,400,616 | ---- | C] () -- C:\Users\Sebsch\Documents\cc_20120502_165513.reg [2012.05.02 16:40:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.04.30 16:55:38 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.27 18:09:24 | 001,139,745 | ---- | C] () -- C:\Users\Sebsch\Desktop\TV_bracket_manual_tcm44-48802.pdf [2012.01.11 20:21:40 | 000,294,912 | ---- | C] () -- C:\Windows\System32\d3dy7i1mb.dll [2011.08.05 17:16:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.08.05 17:16:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.06.13 15:43:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.06.13 15:43:56 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.06.08 23:55:29 | 000,038,427 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.06.08 23:07:30 | 000,012,959 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Kommagetrennte Werte (DOS).CAL [2011.06.08 23:04:57 | 000,012,969 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Tabulatorgetrennte Werte (DOS).CAL [2011.06.07 17:54:28 | 000,038,433 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2011.05.08 18:09:32 | 000,185,475 | ---- | C] () -- C:\Windows\hpoins28.dat [2011.05.08 18:09:31 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat [2011.05.08 18:05:21 | 000,185,449 | ---- | C] () -- C:\Windows\hpoins28.dat.temp [2011.05.08 18:05:21 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.03.26 23:42:19 | 000,069,624 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe [2010.12.21 00:02:32 | 000,000,247 | ---- | C] () -- C:\Users\Sebsch\AppData\Local\RAExpertHistory.xml [2010.08.22 18:24:25 | 000,004,096 | -H-- | C] () -- C:\Users\Sebsch\AppData\Local\keyfile3.drm [2010.06.28 16:23:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.06.28 16:23:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.06.28 16:23:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.06.28 16:23:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.06.28 16:23:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.06.28 16:23:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.06.28 16:23:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.06.28 16:23:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.06.28 16:23:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.06.28 16:23:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.06.28 16:23:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.06.28 16:23:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.06.28 16:23:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.06.28 16:23:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.06.28 16:23:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.06.28 16:23:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.06.28 16:23:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.06.28 16:23:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.06.28 16:23:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.05.11 09:59:37 | 000,017,408 | ---- | C] () -- C:\Users\Sebsch\AppData\Local\WebpageIcons.db < End of report > [/CODE] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.05.2012 17:53:57 - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Sebsch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 63,86% Memory free
7,18 Gb Paging File | 5,91 Gb Available in Paging File | 82,42% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132,37 Gb Total Space | 57,96 Gb Free Space | 43,79% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 28,32 Gb Free Space | 32,22% Space Free | Partition Type: NTFS
Computer Name: SEBSCH-PC | User Name: Sebsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2ED9F676-7B78-419D-9DC0-68954278E288}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{497E868D-5AE4-4751-896B-950110B6E03A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D5EC04C-0BE2-4EDC-9D3B-9A21516E98A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6DB6A348-B382-4435-AFC9-791DEAEC6643}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AE671DE-1094-4857-A411-7750B5AB9517}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B8DC519-7E07-4587-854B-08A34F6EA2C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F30E4CD-A4F6-4E56-B85C-77D783308BBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDD955D0-2E07-43D5-B137-2D4CDD751F5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{C9178ED4-53D6-4D01-BDE3-B9A61A64A16D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6A45120-04C6-4701-A004-58A596811DAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC92B159-4B9B-46E3-B1FA-AB1DC95C2202}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F100EB41-358B-4875-A6C2-DF838BAF2000}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC3DEE-1F2A-4A54-9D3F-5EF564787A0E}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{0642B3AE-B393-4B25-90FD-639B37BCB704}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2D61E95F-BF6F-4BB9-9E5F-D1B8AEE3D169}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3135B771-3021-4D51-9B7F-CD53DDCCF9EC}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{32A599C1-3E4E-4B8B-8084-E2EC556636FB}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{3CB486B6-619B-4E91-9EAC-0F1612CC5982}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{4350BC36-2202-4CF7-88C7-A734A45B22B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{456CA08F-054C-439A-8D8D-C7C8CBD522E7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4B52C57A-AFE9-4C25-BB16-32302087E076}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5074F654-EBF6-4724-B422-C7DB6369F282}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{57357806-3DB4-4D5F-9E22-BA713B969CBA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5C2002BE-B8CB-430E-82CC-D30EDCC4C45A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{612B33CF-4B13-4188-845B-D2311ED72B2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74907227-EA09-48B9-B65D-A51082459708}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76FFEA3A-DA79-4F86-986E-565868F60E9A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{77299D71-4815-4253-AD12-0AF4B9E86EE9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8942F184-0C35-4F14-8A70-B2E05B6842D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BE698B7-AE1B-48EF-B184-A261B832BEFF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8FF16B69-DB58-4A50-B32A-D88A0102DC65}" = dir=in | app=c:\program files\samsung\allshare\allshareslideshowservice.exe |
"{9E651C2A-9390-4682-B758-9463669B704A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A04361F3-8E55-43FD-AF8D-5D37D52A6B4F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B1D49D86-615F-46FA-814A-781C4DCFC98B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B47F4A18-AFC5-42C8-AF9B-1B8808EC549D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA9DE2C9-8F74-4857-AA76-DAFA49BDAEF8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BE2952E4-DFCA-4987-A2C2-72B047D8B593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C4F4A196-D269-43BF-9768-B2F007238D5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C67B3FD5-28F3-44B1-8E38-84DB629AB918}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C79F3674-FDA3-4C13-9A1E-4C3D5DCFA77D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{CD06066B-249F-4DD0-BA7F-B0BB82197F03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD264AD3-07DA-4427-ACC6-BEFC15A6747D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{D667F9AE-533E-4447-AF2C-983040396161}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5CE082-7E76-48B5-9C66-BC3D2F34BF34}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E6815D3B-0DA4-49BF-84EC-DA16A6B589B9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E74CB2D8-7155-46CE-93D3-672D03978416}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{ECFF1738-7295-4D0C-851E-79C83CE80856}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F2ED7E00-38A1-4F97-86E4-D84C04A7F7F8}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{FA57E875-566C-4737-AE33-97DCF9D913A7}" = dir=in | app=c:\program files\samsung\allshare\allshareslideshowservice.exe |
"{FA78171D-5CB3-4E59-9941-04D49A03792A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"TCP Query User{2FEF28BF-F2A6-48A9-9FA2-65A8DF229B28}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4994933F-B4A8-414E-9AF1-C19D27C34511}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{4A8A968E-7847-4555-AA7C-905F998CB3E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4FD29D86-0ECE-48A6-80D2-1F68D0C27030}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6E23E6DF-08F2-4082-9E21-55EF7DD17CFE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AAAB7301-DD19-4706-ABC6-A2E2371F4815}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B16F83DC-8B8F-43A2-B805-66DB10AB4327}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{C6D00A4B-EA99-4A9D-B81E-94F3E9C0896A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{F1DCEBFC-8296-4B1C-87E5-0290DF58725D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{F50D30A4-5945-494B-9378-35A3BD50F431}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{239625BC-4B4A-4E42-B6D6-A0CCA90C7D25}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3748EB0A-2562-4D3A-B120-94A2DD1D0066}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{742D8B16-03A9-481A-88C3-96AE47687B73}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7E877D67-1752-4C15-993A-83A99834F3B4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{AE38FB4E-D951-4EDB-B42A-ACEC4F23C6AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D0AD87DF-304A-40D5-860B-940F4CB679CB}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{EC139C96-4A07-42EB-BCA3-05619D685AAA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F70AEC94-47A8-46F3-B753-6F6D82AD3507}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FFC10BB0-A813-4C33-AC17-075FEAAEFFE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FFE67AB3-FEEE-44CA-A7AF-570F30D0578F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Plugin" = [verify-U]_AVS_IE_Plugin
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73834802-106D-4E4B-AD75-F013C04CF150}" = PC SpeedScan Pro
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"6F9893FC73F8E3D5E164A0756EAAFFE3E7D21AD2" = Windows Driver Package - Intel (NETw5v32) net (09/25/2008 12.1.2.1)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.804
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Huawei Modems" = Huawei modem - Windows Driver 2.62 installer
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"ratDVD" = ratDVD 0.78.1444
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
[/CODE] VG Sebsch Geändert von Sebsch (06.05.2012 um 17:10 Uhr) |
|
07.05.2012, 07:46
| #17 |
| /// Helfer-Team    | TR/ATRAPS.Gen Virus gibt`s noch Probleme...Meldung von Antivir?
__________________zur Nachkontrolle: erneut einen Scan mit OTL:
__________________ |
|
07.05.2012, 19:30
| #18 |
| | TR/ATRAPS.Gen Virus Hallo kira,
__________________hab gerade nochmal von Avira das System prüfen lassen. Diesmal wurde folgender Virus entdeckt: "TR/Mediyes.D.4". Ansonsten verhält sich das System aber normal. Hier der Log von Avira. Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 7. Mai 2012 18:10
Es wird nach 3753340 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SEBSCH-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 21:34:43
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 21:34:42
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 21:34:43
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 21:34:44
AVREG.DLL : 12.1.0.36 229128 Bytes 06.04.2012 03:36:03
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:22:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:49:26
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:26:34
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 15:26:35
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 15:26:35
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 15:26:35
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 15:26:35
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 15:26:35
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 15:26:35
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 15:26:35
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 15:26:35
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 15:26:35
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 15:26:35
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 20:06:33
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 22:10:05
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 14:23:53
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 15:21:46
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 06:35:13
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 16:54:33
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 18:17:29
VBASE022.VDF : 7.11.28.49 193536 Bytes 20.04.2012 20:37:38
VBASE023.VDF : 7.11.28.99 195072 Bytes 23.04.2012 15:01:59
VBASE024.VDF : 7.11.28.133 247808 Bytes 24.04.2012 20:40:54
VBASE025.VDF : 7.11.28.183 186880 Bytes 26.04.2012 20:40:52
VBASE026.VDF : 7.11.28.235 166400 Bytes 30.04.2012 14:21:37
VBASE027.VDF : 7.11.29.37 290816 Bytes 03.05.2012 14:59:21
VBASE028.VDF : 7.11.29.38 2048 Bytes 03.05.2012 14:59:21
VBASE029.VDF : 7.11.29.39 2048 Bytes 03.05.2012 14:59:22
VBASE030.VDF : 7.11.29.40 2048 Bytes 03.05.2012 14:59:22
VBASE031.VDF : 7.11.29.72 160768 Bytes 06.05.2012 06:05:21
Engineversion : 8.2.10.62
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 19:47:35
AESCRIPT.DLL : 8.1.4.18 455034 Bytes 26.04.2012 20:40:58
AESCN.DLL : 8.1.8.2 131444 Bytes 02.02.2012 18:54:31
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 22:36:55
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.12 807287 Bytes 04.05.2012 14:59:26
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 20:40:58
AEHEUR.DLL : 8.1.4.23 4702582 Bytes 04.05.2012 14:59:25
AEHELP.DLL : 8.1.20.0 254326 Bytes 26.04.2012 20:40:54
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 20:40:54
AEEXP.DLL : 8.1.0.35 82291 Bytes 04.05.2012 14:59:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 18:35:28
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 21:34:42
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 7. Mai 2012 18:10
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'notepad.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAM Updates Notifier.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'googletalkplugin.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareDMS.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'psqltray.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'quickset.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareAgent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'DellWMgr.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'OEM02Mon.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'DellDock.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '182' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Iaantmon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'aestsrv.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'upeksvr.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\System32\d3dy7i1mb.dll
[FUND] Ist das Trojanische Pferd TR/Mediyes.D.4
Die Registry wurde durchsucht ( '1235' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\Windows\System32\d3dy7i1mb.dll
[FUND] Ist das Trojanische Pferd TR/Mediyes.D.4
Beginne mit der Suche in 'D:\' <Daten>
Beginne mit der Desinfektion:
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD> wurde erfolgreich entfernt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich entfernt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString> wurde erfolgreich entfernt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich entfernt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString> wurde erfolgreich entfernt.
C:\Windows\System32\d3dy7i1mb.dll
[FUND] Ist das Trojanische Pferd TR/Mediyes.D.4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5616bf7f.qua' verschoben!
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\DisplayString> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008\LibraryPath> wurde erfolgreich repariert.
Ende des Suchlaufs: Montag, 7. Mai 2012 20:24
Benötigte Zeit: 2:07:04 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
31601 Verzeichnisse wurden überprüft
672641 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
672639 Dateien ohne Befall
4641 Archive wurden durchsucht
0 Warnungen
2 Hinweise
640863 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
VG Sebsch |
|
07.05.2012, 19:32
| #19 |
| | TR/ATRAPS.Gen Virus Anbei die Logs von OTL. OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.05.2012 18:03:11 - Run 6 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Sebsch\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 45,91% Memory free 7,18 Gb Paging File | 4,93 Gb Available in Paging File | 68,66% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 132,37 Gb Total Space | 59,35 Gb Free Space | 44,84% Space Free | Partition Type: NTFS Drive D: | 87,89 Gb Total Space | 28,11 Gb Free Space | 31,98% Space Free | Partition Type: NTFS Computer Name: SEBSCH-PC | User Name: Sebsch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.06 16:50:17 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.04.29 20:09:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sebsch\Desktop\OTL.exe PRC - [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.03.30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\Sebsch\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.09.06 09:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe PRC - [2008.04.28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008.03.04 07:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2008.02.22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2008.01.25 07:42:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008.01.25 07:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008.01.25 07:42:14 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008.01.25 07:42:14 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007.12.03 06:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.07.27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe PRC - [2007.03.28 19:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2007.03.28 19:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.02.20 13:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe PRC - [2007.01.11 19:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe PRC - [2006.11.03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe ========== Modules (No Company Name) ========== MOD - [2012.05.06 17:53:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.05.06 17:53:27 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.05.06 17:52:28 | 000,115,137 | ---- | M] () -- C:\Users\Sebsch\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll MOD - [2012.05.02 17:07:02 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.05.02 17:07:02 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.04.28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll MOD - [2012.04.28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012.04.28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012.04.28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012.04.28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll MOD - [2012.04.28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll MOD - [2012.04.11 18:32:02 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7caccb6fde6845f2f903195b8e5c8799\System.ServiceProcess.ni.dll MOD - [2012.04.11 18:19:14 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\bbe9fdfd4f3c530482bedb59ed0da62a\DellDock.ni.exe MOD - [2012.04.11 18:19:14 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\01fcac1cc89077fe7d16d08b62870ec4\VistaBridgeLibrary.ni.dll MOD - [2012.04.11 18:19:12 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\1e4233567342c390200bc2f64b7c5b41\MyDock.Util.ni.dll MOD - [2012.04.11 18:16:36 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll MOD - [2012.04.11 18:16:22 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll MOD - [2012.04.11 18:16:20 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll MOD - [2012.04.11 18:16:11 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll MOD - [2012.04.11 18:16:09 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll MOD - [2012.04.11 18:12:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012.04.11 18:11:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.03.13 20:56:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll MOD - [2012.03.13 20:54:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll MOD - [2012.03.13 20:54:38 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll MOD - [2012.03.13 08:28:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll MOD - [2012.03.13 08:28:30 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll MOD - [2012.03.13 08:28:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\32f4b9aa5accef0f0b9634f612045b69\System.Configuration.ni.dll MOD - [2012.03.13 08:28:16 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll MOD - [2012.03.13 08:28:07 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll MOD - [2012.03.13 08:28:00 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll MOD - [2012.02.16 21:34:31 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll MOD - [2012.02.16 21:34:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012.02.16 21:30:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.16 21:29:47 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.10.12 12:59:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2009.11.15 17:29:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006.11.03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2012.05.06 16:50:32 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.11 19:38:59 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.09.06 09:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2008.08.13 15:19:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.04.28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen) SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\UimBus.sys -- (UimBus) DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\Uim_IM.sys -- (Uim_IM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj5o5so4) DRV - [2012.02.15 23:34:43 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.26 17:26:44 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.18 06:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.07.18 06:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.07.18 06:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.06.07 23:33:34 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.07 23:33:33 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.09.06 09:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.02 21:18:36 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.09.25 07:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.09.04 21:56:17 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.08.19 19:27:51 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.08.19 19:27:46 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.03.04 07:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2008.03.04 07:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2008.01.25 07:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.12.03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) Intel(R) DRV - [2007.09.07 08:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.09.07 08:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.09.07 08:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.11 19:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.01.11 19:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B7 C6 A6 AD 2B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Sebsch\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.02.07 14:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebsch\AppData\Roaming\mozilla\Extensions [2008.09.05 19:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebsch\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.07.05 18:01:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sebsch\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sebsch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sebsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Download Support = C:\Users\Sebsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmhgfjmgbboimijeicldincaijdopcm\1.4.2.1_0\ O1 HOSTS File: ([2012.05.06 17:35:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: ([verify-U]_Plugin) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Plugin\[verify-U]_AVS.dll (Cybits AG) O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Sebsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\d3dy7i1mb.dll () O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37011C7B-B713-49DE-BCA6-FF0A478463C4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{949FCC64-36D0-404A-9ED0-10BE82245510}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: D:\Bild\###Kameratests\Hot Frosty Buzz by Miles Morgan.JPG O24 - Desktop BackupWallPaper: D:\Bild\###Kameratests\Hot Frosty Buzz by Miles Morgan.JPG O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.06 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.05.06 20:49:50 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.05.06 20:49:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.05.06 20:49:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.05.06 20:49:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.05.06 17:51:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.05.06 17:37:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.06 17:27:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.05.06 17:27:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.05.06 17:27:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.05.06 17:27:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.05.06 17:26:59 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.05.06 17:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.06 17:16:57 | 004,485,446 | R--- | C] (Swearware) -- C:\Users\Sebsch\Desktop\ComboFix.exe [2012.05.04 19:18:17 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sebsch\Desktop\TDSSKiller.exe [2012.05.04 17:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.05.04 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.05.02 17:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sebsch\AppData\Roaming\SUPERAntiSpyware.com [2012.05.02 17:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.02 17:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.05.02 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.02 07:58:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.30 16:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.04.30 16:41:00 | 000,000,000 | ---D | C] -- C:\Users\Sebsch\AppData\Roaming\Malwarebytes [2012.04.30 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.29 20:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.04.29 20:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.04.29 19:26:24 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sebsch\Desktop\OTL.exe [2012.04.11 18:16:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.11 18:16:57 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.11 18:16:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.11 18:16:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.11 18:16:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.11 18:16:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.11 18:16:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.11 18:16:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.05.07 18:00:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.07 18:00:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.06 21:51:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.06 21:51:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.06 20:49:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.05.06 20:49:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.05.06 20:49:11 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.05.06 20:49:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.05.06 20:49:10 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.05.06 19:09:39 | 000,632,256 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.06 19:09:39 | 000,598,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.06 19:09:39 | 000,127,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.06 19:09:39 | 000,104,918 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.06 17:51:32 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys [2012.05.06 17:50:53 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.06 17:35:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.05.06 17:17:20 | 004,485,446 | R--- | M] (Swearware) -- C:\Users\Sebsch\Desktop\ComboFix.exe [2012.05.06 16:50:32 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.05.06 16:50:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.05.04 19:36:55 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk [2012.05.04 15:19:39 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.05.02 17:06:11 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.02 17:03:30 | 000,001,673 | ---- | M] () -- C:\Users\Sebsch\Desktop\Zattoo.lnk [2012.05.02 17:02:49 | 000,017,408 | ---- | M] () -- C:\Users\Sebsch\AppData\Local\WebpageIcons.db [2012.05.02 16:55:28 | 000,400,616 | ---- | M] () -- C:\Users\Sebsch\Documents\cc_20120502_165513.reg [2012.05.02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sebsch\Desktop\TDSSKiller.exe [2012.05.01 12:54:08 | 000,000,788 | ---- | M] () -- C:\Windows\wiso.ini [2012.04.30 16:55:38 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.29 20:09:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sebsch\Desktop\OTL.exe [2012.04.27 18:09:19 | 001,139,745 | ---- | M] () -- C:\Users\Sebsch\Desktop\TV_bracket_manual_tcm44-48802.pdf [2012.04.26 16:58:10 | 000,000,680 | ---- | M] () -- C:\Users\Sebsch\AppData\Local\d3d9caps.dat [2012.04.20 22:40:45 | 003,737,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.05.06 17:27:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.05.06 17:27:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.05.06 17:27:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.05.06 17:27:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.05.06 17:27:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.04 15:19:38 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.05.02 17:06:11 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.02 17:03:30 | 000,001,673 | ---- | C] () -- C:\Users\Sebsch\Desktop\Zattoo.lnk [2012.05.02 16:55:17 | 000,400,616 | ---- | C] () -- C:\Users\Sebsch\Documents\cc_20120502_165513.reg [2012.05.02 16:40:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.04.30 16:55:38 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.27 18:09:24 | 001,139,745 | ---- | C] () -- C:\Users\Sebsch\Desktop\TV_bracket_manual_tcm44-48802.pdf [2012.01.11 20:21:40 | 000,294,912 | ---- | C] () -- C:\Windows\System32\d3dy7i1mb.dll [2011.08.05 17:16:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.08.05 17:16:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.06.13 15:43:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.06.13 15:43:56 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.06.08 23:55:29 | 000,038,427 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.06.08 23:07:30 | 000,012,959 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Kommagetrennte Werte (DOS).CAL [2011.06.08 23:04:57 | 000,012,969 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Tabulatorgetrennte Werte (DOS).CAL [2011.06.07 17:54:28 | 000,038,433 | ---- | C] () -- C:\Users\Sebsch\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2011.05.08 18:09:32 | 000,185,475 | ---- | C] () -- C:\Windows\hpoins28.dat [2011.05.08 18:09:31 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat [2011.05.08 18:05:21 | 000,185,449 | ---- | C] () -- C:\Windows\hpoins28.dat.temp [2011.05.08 18:05:21 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.03.26 23:42:19 | 000,069,624 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe [2010.12.21 00:02:32 | 000,000,247 | ---- | C] () -- C:\Users\Sebsch\AppData\Local\RAExpertHistory.xml [2010.08.22 18:24:25 | 000,004,096 | -H-- | C] () -- C:\Users\Sebsch\AppData\Local\keyfile3.drm [2010.06.28 16:23:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.06.28 16:23:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.06.28 16:23:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.06.28 16:23:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.06.28 16:23:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.06.28 16:23:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.06.28 16:23:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.06.28 16:23:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.06.28 16:23:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.06.28 16:23:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.06.28 16:23:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.06.28 16:23:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.06.28 16:23:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.06.28 16:23:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.06.28 16:23:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.06.28 16:23:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.06.28 16:23:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.06.28 16:23:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.06.28 16:23:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.05.11 09:59:37 | 000,017,408 | ---- | C] () -- C:\Users\Sebsch\AppData\Local\WebpageIcons.db ========== LOP Check ========== [2009.02.27 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Buhl Data Service [2008.09.04 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\DAEMON Tools [2012.02.29 18:56:47 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\DeepBurner [2012.05.02 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\FileZilla [2009.02.26 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\FRITZ! [2011.08.10 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\go [2010.10.18 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\gtk-2.0 [2010.08.23 21:51:28 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\ICQ [2010.05.30 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\JonDo [2010.08.27 20:38:56 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Leadertech [2010.12.10 00:04:43 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\PCDr [2011.09.18 10:43:04 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Samsung [2010.07.12 18:42:31 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\SEGA Corporation [2011.03.26 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Sierra Wireless [2011.06.08 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\TeamViewer [2008.08.16 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\tmp [2008.08.22 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\TomTom [2010.12.30 18:16:57 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Ubisoft [2010.01.19 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Uniblue [2010.11.16 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Sebsch\AppData\Roaming\Unity [2012.05.06 17:50:53 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.27 12:16:08 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.05.2012 18:03:11 - Run 6
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Sebsch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 45,91% Memory free
7,18 Gb Paging File | 4,93 Gb Available in Paging File | 68,66% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132,37 Gb Total Space | 59,35 Gb Free Space | 44,84% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 28,11 Gb Free Space | 31,98% Space Free | Partition Type: NTFS
Computer Name: SEBSCH-PC | User Name: Sebsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2ED9F676-7B78-419D-9DC0-68954278E288}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{497E868D-5AE4-4751-896B-950110B6E03A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D5EC04C-0BE2-4EDC-9D3B-9A21516E98A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6DB6A348-B382-4435-AFC9-791DEAEC6643}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AE671DE-1094-4857-A411-7750B5AB9517}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B8DC519-7E07-4587-854B-08A34F6EA2C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F30E4CD-A4F6-4E56-B85C-77D783308BBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDD955D0-2E07-43D5-B137-2D4CDD751F5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{C9178ED4-53D6-4D01-BDE3-B9A61A64A16D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6A45120-04C6-4701-A004-58A596811DAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC92B159-4B9B-46E3-B1FA-AB1DC95C2202}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F100EB41-358B-4875-A6C2-DF838BAF2000}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC3DEE-1F2A-4A54-9D3F-5EF564787A0E}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{0642B3AE-B393-4B25-90FD-639B37BCB704}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2D61E95F-BF6F-4BB9-9E5F-D1B8AEE3D169}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3135B771-3021-4D51-9B7F-CD53DDCCF9EC}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{32A599C1-3E4E-4B8B-8084-E2EC556636FB}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{3CB486B6-619B-4E91-9EAC-0F1612CC5982}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{4350BC36-2202-4CF7-88C7-A734A45B22B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{456CA08F-054C-439A-8D8D-C7C8CBD522E7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4B52C57A-AFE9-4C25-BB16-32302087E076}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5074F654-EBF6-4724-B422-C7DB6369F282}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{57357806-3DB4-4D5F-9E22-BA713B969CBA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5C2002BE-B8CB-430E-82CC-D30EDCC4C45A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{612B33CF-4B13-4188-845B-D2311ED72B2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74907227-EA09-48B9-B65D-A51082459708}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76FFEA3A-DA79-4F86-986E-565868F60E9A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{77299D71-4815-4253-AD12-0AF4B9E86EE9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8942F184-0C35-4F14-8A70-B2E05B6842D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BE698B7-AE1B-48EF-B184-A261B832BEFF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8FF16B69-DB58-4A50-B32A-D88A0102DC65}" = dir=in | app=c:\program files\samsung\allshare\allshareslideshowservice.exe |
"{9E651C2A-9390-4682-B758-9463669B704A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A04361F3-8E55-43FD-AF8D-5D37D52A6B4F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B1D49D86-615F-46FA-814A-781C4DCFC98B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B47F4A18-AFC5-42C8-AF9B-1B8808EC549D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA9DE2C9-8F74-4857-AA76-DAFA49BDAEF8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BE2952E4-DFCA-4987-A2C2-72B047D8B593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C4F4A196-D269-43BF-9768-B2F007238D5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C67B3FD5-28F3-44B1-8E38-84DB629AB918}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C79F3674-FDA3-4C13-9A1E-4C3D5DCFA77D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{CD06066B-249F-4DD0-BA7F-B0BB82197F03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD264AD3-07DA-4427-ACC6-BEFC15A6747D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{D667F9AE-533E-4447-AF2C-983040396161}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5CE082-7E76-48B5-9C66-BC3D2F34BF34}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E6815D3B-0DA4-49BF-84EC-DA16A6B589B9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E74CB2D8-7155-46CE-93D3-672D03978416}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{ECFF1738-7295-4D0C-851E-79C83CE80856}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F2ED7E00-38A1-4F97-86E4-D84C04A7F7F8}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{FA57E875-566C-4737-AE33-97DCF9D913A7}" = dir=in | app=c:\program files\samsung\allshare\allshareslideshowservice.exe |
"{FA78171D-5CB3-4E59-9941-04D49A03792A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"TCP Query User{2FEF28BF-F2A6-48A9-9FA2-65A8DF229B28}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4994933F-B4A8-414E-9AF1-C19D27C34511}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{4A8A968E-7847-4555-AA7C-905F998CB3E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4FD29D86-0ECE-48A6-80D2-1F68D0C27030}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6E23E6DF-08F2-4082-9E21-55EF7DD17CFE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AAAB7301-DD19-4706-ABC6-A2E2371F4815}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B16F83DC-8B8F-43A2-B805-66DB10AB4327}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{C6D00A4B-EA99-4A9D-B81E-94F3E9C0896A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{F1DCEBFC-8296-4B1C-87E5-0290DF58725D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{F50D30A4-5945-494B-9378-35A3BD50F431}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{239625BC-4B4A-4E42-B6D6-A0CCA90C7D25}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3748EB0A-2562-4D3A-B120-94A2DD1D0066}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{742D8B16-03A9-481A-88C3-96AE47687B73}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7E877D67-1752-4C15-993A-83A99834F3B4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{AE38FB4E-D951-4EDB-B42A-ACEC4F23C6AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D0AD87DF-304A-40D5-860B-940F4CB679CB}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{EC139C96-4A07-42EB-BCA3-05619D685AAA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F70AEC94-47A8-46F3-B753-6F6D82AD3507}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FFC10BB0-A813-4C33-AC17-075FEAAEFFE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FFE67AB3-FEEE-44CA-A7AF-570F30D0578F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Plugin" = [verify-U]_AVS_IE_Plugin
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73834802-106D-4E4B-AD75-F013C04CF150}" = PC SpeedScan Pro
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"6F9893FC73F8E3D5E164A0756EAAFFE3E7D21AD2" = Windows Driver Package - Intel (NETw5v32) net (09/25/2008 12.1.2.1)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.804
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Huawei Modems" = Huawei modem - Windows Driver 2.62 installer
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"ratDVD" = ratDVD 0.78.1444
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2011 05:05:46 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 14.08.2011 07:01:05 | Computer Name = Sebsch-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1d50 Anfangszeit: 01cc5a71374c66e0 Zeitpunkt
der Beendigung: 234
Error - 14.08.2011 10:09:42 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 14.08.2011 10:09:42 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 15.08.2011 11:33:21 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 15.08.2011 11:33:21 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 16.08.2011 11:40:39 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 16.08.2011 11:40:40 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 17.08.2011 11:46:05 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 17.08.2011 11:46:06 | Computer Name = Sebsch-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ OSession Events ]
Error - 07.02.2011 15:36:47 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 91878
seconds with 420 seconds of active time. This session ended with a crash.
Error - 31.12.1999 20:00:00 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 720 seconds of active time. This session ended with a crash.
Error - 01.03.2011 16:48:18 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.03.2011 16:53:52 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.05.2011 02:51:08 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.05.2011 16:05:08 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.
Error - 26.05.2011 10:29:22 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.06.2011 11:57:45 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 208978
seconds with 1560 seconds of active time. This session ended with a crash.
Error - 18.07.2011 06:53:59 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.12.2011 18:58:00 | Computer Name = Sebsch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 06.05.2012 16:25:19 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 06.05.2012 17:11:04 | Computer Name = Sebsch-PC | Source = DCOM | ID = 10016
Description =
Error - 07.05.2012 02:05:11 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 07.05.2012 02:05:11 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 07.05.2012 02:05:19 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 07.05.2012 02:05:19 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 07.05.2012 12:00:28 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 07.05.2012 12:00:28 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 07.05.2012 12:00:32 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 07.05.2012 12:00:32 | Computer Name = Sebsch-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
Wann kann ich das Programm ComboFix wieder löschen ? Und was kann man noch wegen der Avira Meldung machen ? VG Sebsch |
|
08.05.2012, 09:18
| #20 | |
| /// Helfer-Team | TR/ATRAPS.Gen Virus 1. Zitat:
Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012.01.11 20:21:40 | 000,294,912 | ---- | C] () -- C:\Windows\System32\d3dy7i1mb.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
08.05.2012, 17:11
| #21 |
| | TR/ATRAPS.Gen Virus Hallo kira, hab den fix durchgeführt aber jetzt beksomme ich eine felermeldung beim starten und komme nicht mehr ins inet. Es konnten einigw dienste nicht gestartet werden. bei meinem verbindunssymbol steht, “verbindungsstatus unbekannt, abhänigkeitsdienst oder die abhängigkeitsgruppe konnte nicht gestartet werden.“ |
|
08.05.2012, 21:15
| #22 | ||
| /// Helfer-Team | TR/ATRAPS.Gen Virus Internet-Verbindung reparieren (Winsock zurücksetzen) Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen. Es öffnet sich die Eingabeaufforderung. Nach dem Prompt (>_) folgenden Text aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen. Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen. Code:
ATTFilter netsh winsock reset
Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt,oder mal bestimmte Probleme (Problem mit Update, Treiber) bekommt man auch gelöst, was man sogleich ausprobieren sollte: Zitat:
Zitat:
(drücke beim Hochfahren des Rechners [F8] solange, bis du eine Auswahlmöglichkeit hast, da "abgesicherten Modus " wählen) - Berichte ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können? 1. erneut einen Scan mit OTL:
2. starte Avira-> updaten-> einen Vollscan machen-> Log hier posten
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
08.05.2012, 21:38
| #23 |
| | TR/ATRAPS.Gen Virus Hallo kira, Systemwiederherstellung bzw. Reparatur der Inet-Verbindung hat nichts gebracht. Letztendlich hab ich dann doch mein System neu aufgesetzt und gleich Windows 7 drauf gemacht. Momentan bin ich noch dabei alles einzurichten. Avira hab ich laufen lassen, bisher ist nichts angeschlagen. VG Sebsch |
|
09.05.2012, 04:44
| #24 |
| /// Helfer-Team | TR/ATRAPS.Gen Virus Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password)
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
09.05.2012, 08:18
| #25 |
| | TR/ATRAPS.Gen Virus Hallo kira, anbei nochmal das Log von Avira. Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 8. Mai 2012 22:39
Es wird nach 3760166 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SEBSCH-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.15 230152 Bytes 01.05.2012 22:13:35
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 10:43:53
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 10:43:53
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 10:43:53
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 10:43:53
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 10:43:53
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 10:43:53
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 10:43:53
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 10:43:53
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 10:43:53
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 08:21:19
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 11:11:22
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 13:05:45
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 13:48:16
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 07:36:01
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 17:04:31
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 09:33:40
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 07:36:59
VBASE022.VDF : 7.11.28.49 193536 Bytes 20.04.2012 14:46:27
VBASE023.VDF : 7.11.28.99 195072 Bytes 23.04.2012 19:18:20
VBASE024.VDF : 7.11.28.133 247808 Bytes 24.04.2012 14:57:13
VBASE025.VDF : 7.11.28.183 186880 Bytes 26.04.2012 12:10:36
VBASE026.VDF : 7.11.28.235 166400 Bytes 30.04.2012 17:26:41
VBASE027.VDF : 7.11.29.37 290816 Bytes 03.05.2012 17:26:41
VBASE028.VDF : 7.11.29.75 168448 Bytes 07.05.2012 17:26:41
VBASE029.VDF : 7.11.29.76 2048 Bytes 07.05.2012 17:26:41
VBASE030.VDF : 7.11.29.77 2048 Bytes 07.05.2012 17:26:41
VBASE031.VDF : 7.11.29.104 92672 Bytes 08.05.2012 17:26:41
Engineversion : 8.2.10.62
AEVDF.DLL : 8.1.2.2 106868 Bytes 06.02.2012 23:31:09
AESCRIPT.DLL : 8.1.4.18 455034 Bytes 26.04.2012 16:41:32
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.5 606579 Bytes 26.04.2012 16:41:32
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.12 807287 Bytes 08.05.2012 17:26:45
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32
AEHEUR.DLL : 8.1.4.23 4702582 Bytes 08.05.2012 17:26:44
AEHELP.DLL : 8.1.20.0 254326 Bytes 26.04.2012 16:41:31
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31
AEEXP.DLL : 8.1.0.35 82291 Bytes 08.05.2012 17:26:45
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.6 201078 Bytes 26.04.2012 16:41:31
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 8. Mai 2012 22:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Beim Laden des Moduls (AVARKT.DLL) ist folgender Fehler aufgetreten:
Die Datei existiert nicht!
AVARKT.DLL
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10c.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareDMS.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShare.exe' - '183' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareAgent.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'OEM02Mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '184' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1462' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\$Recycle.Bin\S-1-5-21-1478784835-2635818369-1583503271-1001\$RAIZBYM.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\$Recycle.Bin\S-1-5-21-1478784835-2635818369-1583503271-1001\$RSNNEGF.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\$Recycle.Bin\S-1-5-21-1478784835-2635818369-1583503271-1001\$RXRNMCQ.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\Sebsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9PLF79L\avira_free_antivirus_de[1].exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Sebsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWEY17AD\avira_free_antivirus_de[1].exe
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\' <Daten>
D:\Bild\Party\SemOut\_Semesteroutparty.zip
[WARNUNG] Unerwartetes Dateiende erreicht
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ient_s1.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ient_s2.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ient_s3.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ient_s4.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ient_s5.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ie_s1.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ie_s2.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ie_s3.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ie_s4.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\C#\SCHULUNG\CD Images\MCAD - 70-315 316 320 - Self-Paced Training Kit Microsoft .NET Core Requirements\IE6SP1\en\ie6\ie_s5.cab
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
D:\Dokumente\SQL\PremiumSoft.MySQL.Studio.5.1.by.YiKi.sharelive\1. Install Trial From Here\pmstudio51trial.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
D:\Download\WISO.Bewerbung.2007.Build.5.1.0.40.German\WISO.Bewerbung.2007.Build.5.1.0.40.German.rar
[WARNUNG] Die Datei ist kennwortgeschützt
D:\Eigene Dateien\Scripts\Digitale Ökonomie\Internetoekonomie-Mitschrift.rar
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
Ende des Suchlaufs: Mittwoch, 9. Mai 2012 07:49
Benötigte Zeit: 9:09:39 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
16997 Verzeichnisse wurden überprüft
612249 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
3 Dateien konnten nicht durchsucht werden
612246 Dateien ohne Befall
6612 Archive wurden durchsucht
19 Warnungen
0 Hinweise
VG Sebsch |
|
09.05.2012, 08:25
| #26 |
| /// Helfer-Team | TR/ATRAPS.Gen Virus 1. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 2. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu TR/ATRAPS.Gen Virus |
| andere, anderen, antivirus, avira, einfach, entferne, hallo zusammen, hoffe, logfiles, mehrfach, tr/atraps.gen, virus, weiterhelfen, zusammen |
.
Linear-Darstellung
