Log analysis and evaluation: Netbook: backdoor attempted, passwords hacked!

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Netbook: backdoor attempted, passwords hacked!

Hello everyone,

Yesterday a few people received a spam mail, including a virus, sent from my GMX account. I suspect I have caught something.

I hope you can help me.

Code:
Malwarebytes:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-EEEPC [Administrator]

Schutz: Aktiviert

14.05.2012 00:58:21
mbam-log-2012-05-14 (00-58-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200770
Laufzeit: 22 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Marcus\AppData\Local\Temp\is-BSUII.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL:

OTL Logfile:

Code:
OTL logfile created on: 5/14/2012 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Marcus\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free
1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS

Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012/05/06 11:40:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/06 11:40:42 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/18 09:26:14 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 11:40:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj77l0wd)
DRV - [2012/05/14 09:50:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\weckg.sys -- (jdwrp)
DRV - [2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 15:38:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/05 15:38:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/10 18:02:47 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 09:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [1999/03/06 13:38:28 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASUSHWIO.SYS -- (asushwio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\..\SearchScopes,DefaultScope = {CFB29CFD-38CD-45DA-8D09-B824417EEEB1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{CFB29CFD-38CD-45DA-8D09-B824417EEEB1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 16:42:08 | 000,000,000 | ---D | M]

[2011/01/03 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/05/02 20:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 18:34:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/15 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/30 18:34:26 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/08/23 21:08:26 | 000,025,939 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012/05/06 11:40:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 23:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/21 11:14:26 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 21:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 21:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 21:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/10/06 21:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 21:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 21:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON BX305 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A020C8-05B7-4AAD-B2AC-EB300F9D73D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60F15E-2C5D-436D-80C2-6B3D7392C60A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 01:01:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012/05/14 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 00:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 00:56:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/14 00:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 00:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 00:34:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/14 00:11:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/05/14 00:08:16 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/05/13 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Avira
[2012/05/08 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2012/05/08 16:32:14 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/05/06 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/05/03 11:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/05/03 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/05/03 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/05/03 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012/05/03 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/21 13:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 09:50:59 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\weckg.sys
[2012/05/14 09:30:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:04:17 | 000,002,413 | ---- | M] () -- C:\windows\System32\lgAxconfig.ini
[2012/05/13 20:29:09 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 19:52:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 12:18:24 | 000,440,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/11 11:30:03 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/11 11:30:03 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 11:30:03 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/11 11:30:03 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 14:58:41 | 000,000,008 | ---- | M] () -- C:\windows\System32\ctsn32.dll
[2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
-- C:\windows\System32\drivers\CESG502.SYS [2012/05/08 16:34:43 | 000,000,008 | ---- | M] () -- C:\windows\System32\tcdl2.dll [2012/05/03 11:09:05 | 000,000,308 | ---- | M] () -- C:\windows\setup.iss [2012/04/19 13:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ADB [2012/04/19 13:49:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\P970Mod [2012/04/19 11:46:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/14 09:50:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\weckg.sys [2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\tcdl2.dll [2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\ctsn32.dll [2012/05/03 11:08:34 | 000,000,308 | ---- | C] () -- C:\windows\setup.iss [2012/04/19 13:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\ADB [2012/04/19 13:49:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\P970Mod [2012/04/19 11:46:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf [2012/01/30 21:54:11 | 000,038,428 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012/01/30 21:54:06 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI [2011/08/11 20:01:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll [2011/08/11 20:01:15 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini [2011/07/05 16:46:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/05/25 22:22:57 | 000,038,422 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011/02/18 12:42:06 | 000,007,607 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg [2011/01/11 13:32:05 | 000,008,192 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/03 22:30:01 | 000,111,104 | ---- | C] () -- 
C:\windows\System32\Uharc.exe [2011/01/03 22:30:01 | 000,008,636 | ---- | C] () -- C:\windows\System32\modifype.exe [2010/12/29 08:43:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2010/12/28 19:50:41 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini [2010/12/28 19:34:48 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2010/12/28 19:34:48 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys [2010/06/24 18:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe [2010/06/24 18:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2010/06/24 18:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/06/24 18:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2010/06/24 18:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat ========== LOP Check ========== [2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon [2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc [2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink [2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite [2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers [2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts [2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON [2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy [2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software [2011/05/17 16:36:05 | 000,000,000 
| ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter [2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo [2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC [2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda [2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org [2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity [2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar [2012/04/26 12:51:08 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2011/06/23 22:21:29 | 001,048,576 | -H-- | M] () -- C:\CAPTURE.AVI [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 | 000,010,134 | -H-- | M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 | 000,000,118 | -H-- | M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.3082.txt [2007/11/07 09:00:40 | 000,001,110 | -H-- | M] () -- C:\globdata.ini [2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 09:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 09:00:40 | 000,000,843 | -H-- | M] () -- C:\install.ini 
[2007/11/07 09:03:18 | 000,076,304 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:03:18 | 000,091,152 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:03:18 | 000,097,296 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:03:18 | 000,095,248 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:03:18 | 000,081,424 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:03:18 | 000,079,888 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:03:18 | 000,075,792 | -H-- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2012/05/13 19:51:58 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys [2010/12/28 19:35:33 | 000,002,119 | -H-- | M] () -- C:\RHDSetup.log [2007/11/07 09:00:40 | 000,005,686 | -H-- | M] () -- C:\vcredist.bmp [2007/11/07 09:09:22 | 001,442,522 | -H-- | M] () -- C:\VC_RED.cab [2007/11/07 09:12:28 | 000,232,960 | -H-- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009/06/22 19:58:20 | 000,089,600 | ---- | M] 
(Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL [2009/07/14 03:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll [2009/07/14 03:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL [2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll [2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2009/07/10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\windows\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\windows\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\windows\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 
14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-13 22:42:36 < > < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 5/14/2012 9:54:43 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Marcus\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free 1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07C41E75-88D4-45A6-B4F2-0E75A36617AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0A3885C6-B8A6-46A9-8A49-A9C913D8D1F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1330C376-17AA-432C-8F13-75129C37C549}" = lport=2869 | protocol=6 | dir=in | app=system | "{17575CF3-DCBB-4B3C-9A95-0CAAFBFBA718}" = lport=2869 | protocol=6 | dir=in | app=system | "{18EF1DE9-896F-4C13-BBB2-2FD990AFDCBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1B65B3BA-7F73-459C-998F-A94774088207}" = rport=137 | protocol=17 | dir=out | app=system | "{230E1CA9-C97D-4E4E-86FC-3AE1C46DBCAC}" = 
rport=138 | protocol=17 | dir=out | app=system | "{2573D109-4EEE-4BBD-B95E-E049E6E29A5B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2CE5D76A-BBC1-4835-B6AA-85C8465CD1ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{392CEE02-A3EE-430D-AA5E-FEC1B1AC8A20}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3D2411A3-868D-47C5-90A6-9D2452A35706}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F7DF836-7684-4D97-89F6-78DC410743D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{416E336B-CA6B-4866-A9E7-F2F9463CB92A}" = rport=139 | protocol=6 | dir=out | app=system | "{47EFD8EF-7C41-4BF0-8E35-ECA7EB990F0C}" = lport=139 | protocol=6 | dir=in | app=system | "{4FE3A40A-D7AE-4C16-B2FE-DBE2DC482CCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53CC27A5-7396-4F92-A872-228029B1C1C5}" = lport=10243 | protocol=6 | dir=in | app=system | "{56764840-778A-49A1-940E-F0E22806E862}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5FF7322A-5A9C-4296-A343-1E6319BC0D92}" = lport=137 | protocol=17 | dir=in | app=system | "{6357E87C-F789-4C79-8717-DE4D2635A231}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{63678C75-EF5D-40AA-91A6-7D4908264E0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6ED2F8F2-DED5-43E1-927E-B14EF954791B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{784A2AC3-DA31-4BE6-B9BC-5368B524765A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7D79EC28-4392-4E85-8DC9-AAEA15026FD2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{811AD7F3-5434-437B-88D4-61508F96512D}" = rport=445 | protocol=6 | dir=out | app=system | "{82550C39-611F-4519-8DA1-D29AA4BFB658}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{88583089-283B-4E85-8649-BBDCF9E43793}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{966438D6-71B9-49C0-9CC4-F32770150E06}" = lport=445 | protocol=6 | dir=in | app=system | "{9B41D560-72DB-4D83-9C3B-0485D273F16E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{B85B4608-D475-400A-A335-8F84A9F8A8B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BF6DE93D-B6E6-4AC2-BC7B-3A37573DB46C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C8664489-5B02-42E0-AC8C-31ED06321294}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CEB565F7-7750-4A66-8714-7D5ACFD4CE49}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{D21DE822-AAAE-45EE-B6BC-AA2027D4ACA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2FCAD9D-23BD-44CF-A02B-FDAC911457FF}" = rport=10243 | protocol=6 | dir=out | app=system | "{E5A7DEB9-2B0E-41CE-B198-5EC29EC83035}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7B47B63-6EE5-4AD0-8B66-036FB615B724}" = lport=138 | protocol=17 | dir=in | app=system | "{F602AA5A-9828-4584-BB02-8948F29BFA0E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F753DDFC-EAAB-4272-8BF6-1DC4937CD540}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F9A1924E-2E2C-4B12-9C38-FE312487534B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FAE8E498-C4F3-4DBC-9064-944A21A93197}" = 
rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E475C57-8585-472D-BADF-FE72DC43C448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1FEB2207-1BE1-49E8-843F-1C0D6CEBBFFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{342C8B45-BD45-40A0-B166-BD3E067062AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{49FEA0A5-7FAB-4C8C-98B0-CE40E3FDEFC3}" = protocol=6 | dir=out | app=system | "{55A014B2-68E5-4B69-91AA-135CEB947963}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{55AA8E81-F9D7-4431-BB12-118C9E16BF45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A01866C-A772-478D-AAC7-C754D9D1C513}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{64477760-F130-470A-8F09-35DCDAEFB2ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{65051865-47BB-4C5E-8F2E-3485B16BAEFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6F89B273-26E0-43FF-B924-D4F5761F8393}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89698982-724C-45EA-8186-3693E616C9CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8B3C7334-C42A-4029-A1EA-73308CF3C6D4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{939CC37C-7F7E-4824-995B-DF81210A0FC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9D1B0EBC-C2CB-46E6-8576-AE5AAD58E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6F84EA7-FF24-4DC3-9087-6623280BFFC7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B082068D-34B8-4FD3-9FCD-BD517288EF4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B9F4398E-5838-4F8F-80F0-BBFE0FE9F248}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C24DD7FB-FA09-4AE0-AE1D-FF66007954F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C3ACD4FA-2D1D-428C-9798-4DB4F3C97787}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C43D9277-9DBE-4639-ABF5-2206458E6D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C45DE543-9306-4E69-8F1C-0755B96BFCA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8919642-0D80-4741-9440-E2D305A93A85}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD470C28-CA75-4C58-8E07-405C8EB9064F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D3CDA400-6707-4CA6-B383-6E9F834DBB41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DA02A00A-846B-4AE9-908F-B16841D798B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DC414A8B-63B8-4A39-A388-00EDB2E7682F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E73A3FAA-D35F-4948-94CE-8E7DA24C3D56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FC14CFF0-4FC2-45FC-B0DE-6D2698E2600E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD0CD60E-7F14-4E38-88B2-47D316D2E37A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{03EBD576-41F9-43D6-AE24-70B656C175CE}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{162B4EC8-0394-4D12-9D1C-0E2FB1933EE6}C:\program 
files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{18CEC996-03D4-4383-BD88-6BC3EE19F6D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{275E3436-6C4B-423A-B829-40765C995B18}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{809DE0E3-9150-4FBA-A30A-A6EE75641A59}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{99702156-AF2F-4092-835F-8799A2D8862B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{B31CE671-A378-46BA-94F5-FA9F35564CC3}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe | "TCP Query User{E90CA908-A45B-41FF-AA5B-754ACB383AC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{173A96C5-CF84-44D2-8A33-A3C71FAB64CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4836255E-4AB0-4596-95DE-8EFC1342CC33}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6EC2220A-4248-4A1A-A9AA-CCD5172BFA76}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{BFC476AD-4873-40F2-B749-043C8989C2F0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{D7162B56-CCBC-4E63-97ED-E1D09AB18E87}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query 
User{D7ED3ADA-C3F9-4EE7-AA75-144629B7CDED}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{E442430F-848B-4292-AB0F-6D137D272B00}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe | "UDP Query User{F95F63C0-C463-4E79-A143-467FF4A01E72}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{14757070-5AE3-434C-9880-8F571E5C0FCB}" = Anti-reCAPTCHA v3.02 JD "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53FB84B2-23CC-47BE-903F-EC1841459509}" = Program-Link FA-CP1 (Single License) "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{71F205E9-C01C-47C5-B029-8AAC14AF03F1}" = ClassPad Manager v3 (30 Day Trial) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1 "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft 
Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0 "{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC984DA1-8718-4557-BAB6-947718C454DF}" = PDF-XChange Viewer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 
6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free FLV Converter_is1" = Free FLV Converter V 6.94.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.9.14 "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "Total Mail Converter_is1" = TotalMailConverter "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/19/2012 7:40:51 AM | Computer Name = 
Marcus-EeePC | Source = Application Hang | ID = 1002 Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1360 Startzeit: 01cd1e211c183208 Endzeit: 17 Anwendungspfad: C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe Berichts-ID: 800317cc-8a14-11e1-bc8b-20cf3052a631 Error - 4/19/2012 7:42:27 AM | Computer Name = Marcus-EeePC | Source = Application Hang | ID = 1002 Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 128c Startzeit: 01cd1e21473cfc71 Endzeit: 25 Anwendungspfad: C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe Berichts-ID: b2024975-8a14-11e1-bc8b-20cf3052a631 Error - 4/20/2012 6:03:57 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000, Zeitstempel: 0x49a6b036 Name des fehlerhaften Moduls: rapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x465eef68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6e8042ff ID des fehlerhaften Prozesses: 0xbc0 Startzeit der fehlerhaften Anwendung: 0x01cd1edcbb2bcfa7 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Pfad des fehlerhaften Moduls: rapi.dll Berichtskennung: 246acacb-8ad0-11e1-bcd4-20cf3052a631 Error - 4/21/2012 4:25:14 PM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000, Zeitstempel: 0x49a6b036 Name des fehlerhaften Moduls: rapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x465eef68 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x6e9f42ff ID des fehlerhaften Prozesses: 0xbb0 Startzeit der fehlerhaften Anwendung: 0x01cd1ffca777c598 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Pfad des fehlerhaften Moduls: rapi.dll Berichtskennung: 19777476-8bf0-11e1-bc36-20cf3052a631 Error - 4/24/2012 7:30:20 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000, Zeitstempel: 0x49a6b036 Name des fehlerhaften Moduls: rapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x465eef68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x720042ff ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0x01cd220d67e40653 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Pfad des fehlerhaften Moduls: rapi.dll Berichtskennung: df3c408b-8e00-11e1-bc70-20cf3052a631 Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2 Description = Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2 Description = Error - 5/3/2012 4:53:15 AM | Computer Name = Marcus-EeePC | Source = VSS | ID = 8194 Description = Error - 5/3/2012 5:08:27 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 16.0.0.400, Zeitstempel: 0x4ab84bb7 Name des fehlerhaften Moduls: ISSetup.dll, Version: 16.0.0.400, Zeitstempel: 0x4ab84b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7a6f ID des fehlerhaften Prozesses: 0x1510 Startzeit der fehlerhaften Anwendung: 0x01cd290c4176ea8d Pfad der fehlerhaften Anwendung: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\setup.exe Pfad des fehlerhaften Moduls: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll Berichtskennung: 8af027a9-94ff-11e1-9883-20cf3052a631 Error - 5/6/2012 4:59:51 AM | Computer Name = Marcus-EeePC | Source 
= Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000, Zeitstempel: 0x49a6b036 Name des fehlerhaften Moduls: rapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x465eef68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x703442ff ID des fehlerhaften Prozesses: 0xbec Startzeit der fehlerhaften Anwendung: 0x01cd2b6663e983c8 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Pfad des fehlerhaften Moduls: rapi.dll Berichtskennung: d68f7761-9759-11e1-bc2b-20cf3052a631 [ System Events ] Error - 3/11/2012 11:17:36 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" ist vom Dienst "Windows Mobile-basierte Geräteverbindungen" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error - 3/11/2012 12:50:06 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Mobile-basierte Geräteverbindungen erreicht. Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10005 Description = Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 3/11/2012 4:11:44 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010 Description = Error - 3/11/2012 6:24:18 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010 Description = Error - 3/11/2012 6:38:30 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. 
Error - 3/11/2012 6:38:34 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010 Description = Error - 3/14/2012 11:47:27 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 3/20/2012 4:34:11 AM | Computer Name = Marcus-EeePC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report >
[/code]
Edited by donniedarko (14.05.2012 at 10:23)