Log analysis and evaluation: Trojaner_Dropper.Win32.Injector.ezyc (Windows 7)
01.06.2012, 19:07 | #1
Trojaner_Dropper.Win32.Injector.ezyc

Hello,

When opening an apparently infected e-mail (AOL), I infected my computer with the above-mentioned Trojan. Since then, no documents or files can be opened any more (MS Office, PDF, images, music, etc.). The files are displayed (the file name is not changed), and for images the thumbnails too, but opening them is not possible (message: The file cannot be opened because its contents cause problems. Details: The file is damaged and cannot be opened). All files that were created afterwards can be opened and edited without problems.

OTL logfile created on: 01.06.2012 19:16:19 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 26,69% Memory free
6,18 Gb Paging File | 3,88 Gb Available in Paging File | 62,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,70 Gb Total Space | 313,08 Gb Free Space | 68,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,34 Gb Free Space | 43,41% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.01 19:15:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe
PRC - [2012.04.25 18:48:30 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 23:50:14 | 000,409,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.18 18:05:54 | 002,751,808 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011.08.18 18:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.01 20:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Programme\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.05.06 10:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.10.04 15:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.09.24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe
PRC - [2008.09.24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE

========== Modules (No Company Name) ==========

MOD - [2012.05.13 19:37:28 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\9b4b264ec92ae26b19cd8f3de00f2dc6\MenuSkinning.ni.dll
MOD - [2012.05.13 19:37:11 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\3b76332b2e9a8d6199d072e06170532d\VistaBridgeLibrary.ni.dll
MOD - [2012.05.13 19:37:07 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.13 19:37:06 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\3ce93aa405c6aa6923c244f86b10eaf5\DellDock.ni.exe
MOD - [2012.05.13 19:37:04 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\00903a2730ff045305712f3dd558d33d\MyDock.Util.ni.dll
MOD - [2012.05.13 19:36:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.13 19:36:32 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012.05.13 19:01:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.13 19:01:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.13 19:01:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.13 18:59:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.13 18:59:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.05.05 16:48:13 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 18:48:28 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.08.18 18:05:54 | 002,751,808 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.05 16:48:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.04.25 18:48:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.08.18 18:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.06 10:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (avp)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.04 13:00:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.10.04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.09.24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011.12.19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.11.11 18:35:28 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009.10.14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 20:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 15:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009.03.04 20:12:01 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008.01.21 04:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008.01.21 04:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008.01.21 04:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.01.21 04:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008.01.21 04:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008.01.21 04:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.01.21 04:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008.01.21 04:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.21 04:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008.01.21 04:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CBB64260-727B-4810-9D47-9676803AED49}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=A797CF56039EED3A5689EE4FC7E5EF67
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 8C 2A 7E 92 82 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=A797CF56039EED3A5689EE4FC7E5EF67&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CBB64260-727B-4810-9D47-9676803AED49}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.1.1.88
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.31 23:44:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.31 22:48:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2011.02.17 10:44:51 | 000,000,000 | ---D | M] [2009.05.22 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.31 23:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4tk8clnz.default\extensions [2012.05.30 12:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4tk8clnz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}(446) [2012.05.31 23:43:39 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4tk8clnz.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.01.17 20:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4tk8clnz.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}(25) [2012.05.31 23:43:51 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4tk8clnz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2009.07.10 10:26:41 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4tk8clnz.default\searchplugins\live-search.xml [2012.03.28 11:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.28 11:56:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla 
Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.02.17 10:50:34 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.04.25 18:48:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.17 15:44:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.31 23:43:44 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml [2012.02.14 11:14:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 11:14:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.14 11:14:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 11:14:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 11:14:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 11:14:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF2224C-14CD-4982-9139-C798D3A4B144}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 19:15:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.01 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F8A91443-F7AE-4840-987C-9DD5A1DF7F18} [2012.06.01 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BE71FEAB-0FC9-4A8B-8CFF-E77925392992} [2012.05.31 23:50:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adaware [2012.05.31 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.05.31 23:47:52 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys [2012.05.31 23:45:51 | 000,094,584 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFwIm.sys [2012.05.31 23:45:45 | 000,223,864 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFw.sys [2012.05.31 23:45:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD [2012.05.31 23:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.05.31 23:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2012.05.31 
23:44:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp [2012.05.31 23:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.05.31 23:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2012.05.31 23:43:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Blekko [2012.05.31 23:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb [2012.05.31 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.05.31 23:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.31 23:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.31 23:18:50 | 000,000,000 | ---D | C] -- C:\Users\Familie Blanke\AppData\Local\{352C93F7-641D-4E6B-B0AC-69FF05415CEF} [2012.05.31 22:30:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{066533DB-ABD5-44B5-979D-2A52A2109DB6} [2012.05.31 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6DB05F9D-9856-4964-B98C-E6BA52CA9A75} [2012.05.30 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{07E28BB8-03B6-405F-9640-D34729B2C24C} [2012.05.30 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{664B5C41-B8AC-4496-9201-65A6DA90AA9E} [2012.05.30 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qnfypw [2012.05.30 10:30:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{262700ED-A75E-463A-BC65-EC3C7BFFBF3C} [2012.05.30 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9A6696AF-D75B-4E2D-B5D2-5D988A4DB2F7} [2012.05.29 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F399D274-5C94-45FF-A348-E4F28EE2AACE} [2012.05.29 22:30:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{77FFB6A4-14AD-4836-8DE1-8B748E5B64D4} [2012.05.29 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(141) [2012.05.29 10:29:45 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{AD157FF5-74F3-4294-91C6-7B445EDE581B} [2012.05.29 10:29:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{67FE37D5-0172-4D57-A381-3207C0FB77D3} [2012.05.27 18:50:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E8BCEF4B-6D78-4273-91B5-4D35E35F1BC5} [2012.05.27 18:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{097DCCA0-257B-4DD6-BE00-367558163E1A} [2012.05.25 20:13:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{60D73DC5-D330-44CC-9421-6E7802604AE9} [2012.05.25 20:13:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7BAE4D8E-E938-4343-9064-2E27B4E77544} [2012.05.25 08:13:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{68F7D1F4-251C-4377-AD66-1FA901EF53CC} [2012.05.25 08:12:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7AE6ADBF-A250-4CBE-9ADD-13335D578D14} [2012.05.24 20:12:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{289EC725-5F23-4A11-A2F3-E21D4FE52FF4} [2012.05.24 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E4723D39-B293-438A-83BD-B17C757DF8AB} [2012.05.24 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C1B5D195-BB44-4EDF-BC32-A83153A13406} [2012.05.23 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2EDBF31B-9658-45F9-95E1-28EAFC801254} [2012.05.23 12:30:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E38B46BC-F6CE-4B4C-AE5B-241725102793} [2012.05.22 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F1B4E203-425F-4EA0-9CAE-953C7BA8D2C6} [2012.05.22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A0C8BA2E-5B60-4830-953E-9777C4052ED4} [2012.05.22 13:20:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DEE1D0A7-ECED-4F1F-9203-8230FBD569A9} [2012.05.21 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CF1EBC7F-52DB-4896-9512-DBCAEA29A3E8} [2012.05.21 15:49:18 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{6306DB3B-ED80-48C0-B2BE-1B3B222FBED1} [2012.05.20 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{09A816DE-D096-416D-8284-2A6ED51D8435} [2012.05.20 17:23:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF4DCDF5-12C0-4F11-9A19-FC62E93E6BE6} [2012.05.20 12:22:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{44DFDBBC-851B-430E-BBA5-1BF2FBAAB227} [2012.05.19 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4C55CCB0-B86E-45B8-B890-E692338D1E94} [2012.05.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C625F76D-1C07-4854-B725-563A6CD3A4B9} [2012.05.18 17:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.05.18 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMeister2 [2012.05.18 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{56B46E7D-BE51-49D2-BD14-D01043F50070} [2012.05.18 12:19:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F11769E3-7956-4638-B46E-D9BF1F1F2F60} [2012.05.17 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5E3E7094-4C0D-4935-90E7-169C52297768} [2012.05.17 10:29:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E91981E9-D2F3-4902-8AC3-F9279A9134E0} [2012.05.16 17:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0D5020A-082B-48CF-BA8D-A6D2160FD2C5} [2012.05.16 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{842ECF30-7C9F-433F-8F0E-E381A2065936} [2012.05.15 14:15:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0FE70260-048C-481C-80FB-2262D622BA0D} [2012.05.15 14:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F690E5BF-D560-44F1-8289-421B71CB14C5} [2012.05.14 14:11:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AA852DF8-3401-47E2-B25B-5F0D13D89135} [2012.05.14 14:11:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54990D46-8F76-4630-A4BC-D4FC551C0761} 
[2012.05.13 11:41:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{31884063-7474-42BD-A22E-3D1518F8DFD6} [2012.05.13 11:41:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CD14BAB0-67B4-4351-BDCC-47DE389B61E6} [2012.05.12 14:23:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CB1D3374-2F5C-4D47-B642-49670FE1AFAD} [2012.05.12 14:22:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CFA3F868-3005-4A5F-B88D-002C85A79CEB} [2012.05.11 12:02:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4954A963-E32A-4E4B-9E52-081D1CD4A070} [2012.05.11 12:02:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F6CDACA-5FF4-4F0A-8A0F-06D486B57E0E} [2012.05.10 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D2EE675E-91DB-43D6-9836-5C4BB710E09F} [2012.05.10 11:12:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4A7706CD-C427-4716-B353-EE889AA3996B} [2012.05.09 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D7DABAA4-179F-499C-9A0A-97F11141DCF8} [2012.05.09 11:06:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{82CEB431-EF67-477F-B8DE-DBC7F4B188C7} [2012.05.08 19:08:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{419D14AF-3B5D-48C9-98C6-C9B50D83D314} [2012.05.08 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D7B05B2B-9346-48BC-8B4A-87D639D0871D} [2012.05.08 16:11:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BB25866F-C4C6-4755-B1BB-71F787EB8617} [2012.05.08 11:08:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9CBCC0FD-8CA8-46A4-8ADC-D59FA3A7EC00} [2012.05.07 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A260E5A8-F84E-4ED9-8A7A-76EF25A5A3D0} [2012.05.07 16:35:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2A5EB356-3D4A-43F6-8C12-BD0907E70130} [2012.05.07 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{51CAB501-B1C1-4939-AE57-A0BDC82EEBED} [2012.05.06 11:39:28 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{050C19B4-B729-438E-8C90-537632985347} [2012.05.06 11:39:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FB6B82B5-F7CC-4DB3-9BF7-F20CE39F53E4} [2012.05.05 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A2DC1422-9DB2-41DD-BCC6-AF61464321DD} [2012.05.05 14:53:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A93E3D01-1BD1-4FBF-AD78-7306F2B72A85} [2012.05.04 14:35:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B5A0F5D6-C848-468D-B8A9-1C1B99787A2F} [2012.05.04 14:34:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F4B9E69F-19CE-45D9-B251-D3670DA58C04} [2012.05.04 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42402D43-A2BB-4C12-A9D3-CB769EA4A770} [2012.05.03 14:01:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CD367F81-F236-496B-B5A2-9C607180A0D8} [2012.05.03 14:00:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{00A4D63D-A076-47D5-B1AE-A23899EA598D} [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.01 19:23:02 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB9AEA78-FC60-4FD5-B84E-3BB4EED3F3AA}.job [2012.06.01 19:15:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.01 19:13:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.01 19:12:35 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.06.01 18:55:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.01 18:53:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 18:53:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 18:48:05 | 
000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 16:55:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.01 14:11:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.06.01 12:56:45 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.06.01 12:53:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 12:53:54 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 23:50:21 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.31 23:50:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.31 23:50:21 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.31 23:50:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.31 23:27:18 | 000,448,652 | ---- | M] () -- C:\Users\***\Documents\cc_20120531_232705.reg
[2012.05.31 23:26:09 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.18 17:52:31 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.05.18 17:07:24 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.18 15:27:40 | 000,293,838 | ---- | M] () -- C:\Users\***\Documents\April 16 - 21, 2012.wlmp
[2012.05.13 18:56:49 | 000,382,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 19:27:37 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.01 19:13:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.01 19:12:34 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.31 23:49:20 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.05.31 23:27:09 | 000,448,652 | ---- | C] () -- C:\Users\***\Documents\cc_20120531_232705.reg
[2012.05.31 23:26:09 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.18 17:52:31 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011.10.10 08:25:36 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{2F7A7AED-52FF-44FF-B541-6A53F443A037}
[2011.09.28 21:28:50 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0899B9ED-AC26-421F-8342-10F327BD5DA6}
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.25 15:54:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{BD4605B5-6F03-4816-AA2F-D7224FB3DC0A}
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.08.08 12:01:33 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{64FA4955-EFF2-4D29-A662-37D319CC43C5}
[2011.08.02 16:20:25 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{DEB83F15-6006-477A-A04E-A44AE4D8FD3B}
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.01 20:00:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{C292B600-8AB5-4D2A-85AC-E259EA41448F}
[2011.06.29 10:00:21 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{82E525D5-75E6-41F3-8E58-143B80EEC4BF}
[2011.06.08 11:01:05 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{AFAD2EAB-41ED-435C-A341-E6491FBC0192}
[2011.06.04 13:44:26 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{F1752131-E915-4E11-B303-C52A9F4D980B}

========== LOP Check ==========

[2012.06.01 10:57:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.03.26 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.03.01 16:45:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Aquamarin Haushaltsbuch
[2012.05.31 23:43:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blekko
[2010.04.23 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2010.04.23 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2012.05.25 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.01.04 22:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin
[2011.09.12 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.05.31 22:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lernkartei
[2010.04.23 20:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LetsTrade
[2010.06.20 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.06.20 14:44:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nseries
[2010.06.20 15:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.05.30 16:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qnfypw
[2012.06.01 12:49:03 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.01 19:23:02 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FB9AEA78-FC60-4FD5-B84E-3BB4EED3F3AA}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 01.06.2012 19:16:19 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 26,69% Memory free
6,18 Gb Paging File | 3,88 Gb Available in Paging File | 62,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,70 Gb Total Space | 313,08 Gb Free Space | 68,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,34 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDA8EA3-F0AF-4461-8067-DE9C1ED7E769}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10270655-308D-465B-81D4-5FD91AEDC22D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{18A5818A-7E24-42B0-9767-05FA6B6DCC50}" = lport=138 | protocol=17 | dir=in | app=system |
"{1BCD5EE2-D36D-4BB8-81A7-816E2DD8E458}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2ECD2C91-E3E7-41A5-B6FD-601E936DAF08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CB2370B-D2F7-40AF-9DD0-F61C8B299099}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3E1919E0-CFF7-46BA-965D-294265744EB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{536E6B2E-377C-40CA-9DEF-84D4391554B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6623B43B-345B-4D55-BA14-F5CBCD327B29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74FBA3F6-4830-46B2-B6D0-5425EC871233}" = rport=445 | protocol=6 | dir=out | app=system |
"{848962FF-1FF1-452C-8AEA-0CFFAEC4BFDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{879E6317-87A9-4135-9DA2-9E1A6DEFB773}" = rport=10243 | protocol=6 | dir=out | app=system |
"{88433552-4AE9-4D0D-8BFB-B54C7895CB1A}" = lport=139 | protocol=6 | dir=in | app=system |
"{A00F6918-7CD7-43B5-B58B-8396CC73D894}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3177956-7032-4034-A995-FE90644A4E39}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1617E07-F7BA-4AC4-8C11-695416EAF00A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5540BBA-EFDD-46AE-9355-0D13B637C04A}" = rport=137 | protocol=17 | dir=out | app=system |
"{CEB5CE68-AFA0-4D96-A9CE-C69F383B2D94}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5AEC7AB-CA71-4EA2-895D-3F2FD0C1E490}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4628E49-B546-4F86-844C-7C14BF038085}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8DFB786-B8BD-4A45-A264-5CA6B546A2D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F3E808B2-654D-47D3-B54F-351D267EA49D}" = lport=445 | protocol=6 | dir=in | app=system |
"{F4FDDE1B-43C2-4A54-B8F2-B1D2B8DF8155}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDEE2D7-6422-4A06-A67D-22878AF915A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1428A41E-855C-4659-8DEA-695BCD12B6C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16495DA6-4897-431F-8C56-692101126997}" = protocol=17 | dir=in | app=c:\users\familie blanke\appdata\roaming\dropbox\bin\dropbox.exe |
"{274C6FEC-9CD0-4263-854D-0B5630F50D37}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{29B612DB-5B7D-4148-BFD3-6E10F1B9D674}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B3D995A-55EC-4A18-9418-F1A9A49C17CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F1F6758-06E3-402A-B2E4-1D159E060DAD}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{572F4B9A-DC97-4746-BBB2-6D6E5AA97438}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5E1D6828-0ECE-41E1-8C28-91BE1ADC7747}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68DB2651-9867-4954-B7EF-C8030BF127E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C5A1550-006A-4909-A284-ABDD3AB9CE17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75AEB96F-AE65-4A92-BD54-332D8F9AA2A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CC14F46-B5AC-4F4B-8854-0B6689AA4876}" = protocol=6 | dir=in | app=c:\users\familie blanke\appdata\roaming\dropbox\bin\dropbox.exe |
"{80F9AEFF-2E3F-49FF-9467-C1E916E7C78C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D7097F6-CA1A-43A2-94F6-54FAB1E4D1A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D70AB47-0DAD-455C-870C-7634A336B27E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{94204B12-8C58-4207-873E-A50DB50A78F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A35DA348-91CF-4E9F-953A-746BEAD77DF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6022294-E47E-494E-9F0F-164B1F345348}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8E350D4-EE27-481F-A700-7AAEBF861F1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3550E53-B1C2-48F1-B4FC-EC789F8EE3DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BBC79839-3688-4523-8F19-A8FAF168D7B5}" = protocol=6 | dir=out | app=system |
"{BE810436-C9C2-44CC-99BC-D7C90E245BAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0961CEB-6EBB-4825-AC8B-657040BE019A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D27102D0-0B9A-4156-9BBA-C8A4FA07EF73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDE5ED3D-C127-4EC1-A5E5-6F14AEB6FDB7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E495D60F-004C-428B-9857-C9E6DA4E31A2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EE1AA7C3-6D6B-4982-BAAC-26CD25C9B335}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{857699CD-5817-4AD7-A096-484C3AFBF8E3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{98656F91-0417-4C79-B4DA-66229BA98DFE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9B63F52F-30CA-4978-809D-4DD3A4451013}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9FBC8D74-E122-4142-A3EE-554D927E44C6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{3E84332B-87E1-4095-AE8B-97826FA50105}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{6C6A7FD0-7510-4241-BACC-24641F63F5C4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8670D2C9-1D42-413F-8EB4-D38731E8FC77}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BC0C8B0E-635F-471F-A6A7-1AD8C25E8BF7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Aquamarin Haushaltsbuch 2.9.2 b
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PUBLISHER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PUBLISHER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PUBLISHER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PUBLISHER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"EXCEL" = Microsoft Office Excel 2007
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"Lernen durch Wiederholung_is1" = Lernen durch Wiederholung 6.2.3
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"No23 Recorder" = No23 Recorder
"Picasa 3" = Picasa 3
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"PUBLISHER" = Microsoft Office Publisher 2007
"Voctra Azura" = Voctra Azura
"WinLiveSuite" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.02.2011 18:52:23 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2011 02:56:24 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2011 06:42:45 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 23.02.2011 04:10:16 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 25.02.2011 04:10:07 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 26.02.2011 09:17:07 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 27.02.2011 06:58:07 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 28.02.2011 10:01:17 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 28.02.2011 10:10:54 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 01.03.2011 09:37:52 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

[ Dell Events ]
Error - 10.11.2011 04:35:38 | Computer Name = *** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

Error - 10.11.2011 04:35:38 | Computer Name = *** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

Error - 10.11.2011 04:49:21 | Computer Name = *** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

[ System Events ]
Error - 01.06.2012 06:42:37 | Computer Name = *** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error - 01.06.2012 06:43:36 | Computer Name = *** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error - 01.06.2012 06:44:20 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description =

Error - 01.06.2012 06:44:20 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description =

Error - 01.06.2012 06:50:10 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00248C3198F3 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 01.06.2012 06:53:57 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.06.2012 um 12:53:02 unerwartet heruntergefahren.

Error - 01.06.2012 06:54:08 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00248C3198F3 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 01.06.2012 06:56:24 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description =

Error - 01.06.2012 06:56:24 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description =

Error - 01.06.2012 09:19:45 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.25 für die Netzwerkkarte mit der Netzwerkadresse 00248C3198F3 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

< End of report >

Thanks in advance for your help - the rest will follow! |
01.06.2012, 19:21 | #2 |
/// Malware-holic | Trojaner_Dropper.Win32.Injector.ezyc Hi, has Kaspersky already deleted anything? If so, what?
The source of infection: I am interested in such mails with invoices, payment reminders and other attachments from unknown senders. If you use a mail program, select the mail, right-click, choose "save as", and set the type to .eml. Then please read: markusg - trojaner-board.de and send me the file you have just created. If you read your mail in the browser, tell me which provider you use; then this works a little differently. Please warn friends, acquaintances, relatives etc. about this scam, and feel free to pass this mail address on to them. They can then send such suspicious mails there. These help us react appropriately to new threats; since this malware also receives updates, this is important.
__________________ |
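The procedure above (save the suspicious mail as .eml and hand it to an analyst) ends with someone triaging that file. What follows is an added example, not code from the thread or from trojaner-board.de, of how an analyst can inspect an .eml offline with Python's standard library without ever opening it in a mail client: it lists the attachments, hashes them for lookup or submission, and flags executable extensions, document-like names with a trailing executable extension, and PE content hidden behind a harmless-looking name. The sample message, the example.invalid addresses and the "Rechnung.pdf.exe" attachment are constructed for this example; the extension list is an assumption to extend for your own environment.

```python
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

# Extensions that execute code when double-clicked on Windows. This list is
# an assumption for the example; extend it for your environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".jar", ".lnk"}


def build_sample_eml() -> bytes:
    """Constructed sample lure (not a real mail from the thread): an
    'invoice' whose attachment name pretends to be a PDF while the content
    starts with the MZ magic of a Windows executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Rechnung 4711"
    msg["Date"] = "Fri, 01 Jun 2012 12:00:00 +0200"
    msg.set_content("Please see the attached invoice.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60          # 64 bytes: MZ header only
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="Rechnung.pdf.exe")
    return msg.as_bytes()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_attachment(part) -> dict:
    """Inspect one MIME attachment: decoded in memory, never written to disk,
    never executed."""
    name = part.get_filename() or "(unnamed)"
    data = part.get_payload(decode=True) or b""
    lower = name.lower()
    ext = os.path.splitext(lower)[1]
    findings = []
    if ext in RISKY_EXTENSIONS:
        findings.append("executable-extension")
    # "Rechnung.pdf.exe": document-like name with a trailing executable extension
    if lower.count(".") >= 2 and ext in RISKY_EXTENSIONS:
        findings.append("double-extension")
    # Judge the content, not only the name: a PE image starts with 'MZ'
    if data[:2] == b"MZ":
        findings.append("pe-magic")
    return {
        "filename": name,
        "declared_type": part.get_content_type(),
        "size": len(data),
        "sha256": sha256_hex(data),
        "findings": findings,
    }


def triage_eml(raw: bytes) -> dict:
    """Parse an .eml from bytes and report header metadata plus per-attachment findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "date": str(msg["Date"]),
        "attachments": [triage_attachment(p) for p in msg.iter_attachments()],
    }


def is_suspicious(report: dict) -> bool:
    return any(att["findings"] for att in report["attachments"])


if __name__ == "__main__":
    report = triage_eml(build_sample_eml())
    print(report["from"], "|", report["subject"])
    for att in report["attachments"]:
        print(att["filename"], att["declared_type"], att["size"],
              att["sha256"], att["findings"])
    print("suspicious:", is_suspicious(report))
```

To run it on a real file, replace `build_sample_eml()` with the bytes of the saved .eml (`open("mail.eml", "rb").read()`). The SHA-256 is what you look up or submit; the findings only rank attachments, they do not prove anything is malicious, which is why the hashed file still goes to an analyst.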
01.06.2012, 23:39 | #3 |
| Trojaner_Dropper.Win32.Injector.ezyc Hello!
Kaspersky first moved the file to quarantine. Only when I clicked the email again (when I wanted to copy it) did Kaspersky block the content. My email browser is AOL; I couldn't save the mail. Regards, Mamika999
01.06.2012, 23:41 | #4 |
| Trojaner_Dropper.Win32.Injector.ezyc - the second. Here is the GMER log file:
```text
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-02 00:16:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01
Running: fwoyibyy.exe; Driver: C:\Users\FAMILI~1\AppData\Local\Temp\pxdiqkog.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x9684ABD0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x9684C52C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x9684C782]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x9684C9FC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x9684B450]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x9684BB32]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x9684BF3C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x9684B5F8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x9684BE14]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x9684A7D6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x9684BCD0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x9684A992]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x9684C06E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSymbolicLinkObject [0x9684DCB0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x9684B0EE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x9684BD72]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x9684D6A2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x9684E672]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x9684B752]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x9684D734]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x9684DD64]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x9684BFDE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x9684B4D2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x9684BEAC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x9684ADD6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x9684DCDA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x9684C110]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x9684ACFA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x9684CC3E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQuerySection [0x9684E07C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x9684D9CA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x9684C49A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x9684C360]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x9684D442]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x9684E554]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x9684B86C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x9684B30C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x9684CCF2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x9684D82E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x9684E1BC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x9684E2A0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x9684E3C8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x9684D5CE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x9684AF4E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x9684AEA4]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x9684DF32]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x9684B02E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x9684B1EE]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 119  894BA7DC 4 Bytes  [D0, AB, 84, 96]
.text  ntkrnlpa.exe!KeSetEvent + 13D  894BA800 8 Bytes  [2C, C5, 84, 96, 82, C7, 84, ...] {SUB AL, 0xc5; TEST [ESI-0x697b387e], DL}
.text  ntkrnlpa.exe!KeSetEvent + 181  894BA844 4 Bytes  [FC, C9, 84, 96]
.text  ntkrnlpa.exe!KeSetEvent + 1A9  894BA86C 4 Bytes  [50, B4, 84, 96] {PUSH EAX; MOV AH, 0x84; XCHG ESI, EAX}
.text  ntkrnlpa.exe!KeSetEvent + 1C1  894BA884 1 Byte  [32]
.text  ...

---- User code sections - GMER 1.0.15 ----

?      C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1668] C:\Windows\system32\ntdll.dll  time/date stamp mismatch; unknown module: secserv.dll
?      C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1668] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text  C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[1668] USER32.dll!SetScrollInfo + 7A8  76187980 4 Bytes  [70, 11, 33, 6C]
?      C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2748] C:\Windows\system32\ntdll.dll  time/date stamp mismatch; unknown module: secserv.dll
?      C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2748] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text  C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe[2748] USER32.dll!SetScrollInfo + 7A8  76187980 4 Bytes  [70, 11, 33, 6C]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\Tcp  SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice  \Driver\tdx \Device\Udp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\Udp  SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice  \Driver\tdx \Device\RawIp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp  SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
```
03.06.2012, 15:05 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_Dropper.Win32.Injector.ezyc What does "the second" mean? Another computer? And would you be so kind as to post a description instead of just dumping a GMER log into the board?
Please always post logfiles in CODE tags
03.06.2012, 15:56 | #6 |
| Trojaner_Dropper.Win32.Injector.ezyc Hello! I already was so kind ... http://www.trojaner-board.de/116216-...ctor-ezyc.html "The second" was only meant to indicate that this is the second post in the thread above. As instructed, I first posted the initial log files and then posted in a new topic: http://www.trojaner-board.de/69886-a...-beachten.html - Step 3: Create a new topic and post the contents of gmer.txt. But thanks for the extremely kind hint that I may have misunderstood something there!
03.06.2012, 17:12 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_Dropper.Win32.Injector.ezyc Yes, but Markus didn't ask you to open a new thread. Never mind, I'll merge the two now.
03.06.2012, 17:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_Dropper.Win32.Injector.ezyc Done, both threads are now merged.
03.06.2012, 18:05 | #9 |
| Trojaner_Dropper.Win32.Injector.ezyc |
04.06.2012, 09:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_Dropper.Win32.Injector.ezyc Good, then I'll hand the thread back to Markus.