|
Plagegeister aller Art und deren Bekämpfung: Tr/Gataka.D.57 - PC sehr langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.07.2012, 09:25 | #1 |
| Tr/Gataka.D.57 - PC sehr langsam Hallo! seit paar Tagen ist mein PC sehr langsam (v.a. beim Internetsurfen) und Avira zeigt Tr/Gataka.D.57. an. Ich hab schon paar mal versucht, ihn in Quarantäne zu verschieben, aber das hilft nix. Habe Malwarebytes bereits durchgeführt Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.14 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Margit :: MARGIT-PC [Administrator] 07.07.2012 01:23:27 mbam-log-2012-07-07 (01-23-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223449 Laufzeit: 15 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Margit\AppData\Roaming\Identities\{3A2BBAAA-60D8-421E-A920-0A863AA682D6}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\A\46\B8C70d01 JS/Exploit.Pdfka.PMQ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\D\68\A551Ed01 HTML/ScrInject.B.Gen Virus gelöscht - in Quarantäne kopiert C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\F\C5\81AB8d01 JS/Kryptik.PH Trojaner Gesäubert durch Löschen - in Quarantäne kopiert C:\Users\Margit\AppData\Local\VirtualStore\Program Files\Spyware Guard 2008\vbase.vdb Win32/Adware.MalwareDefender2009 Anwendung Gesäubert durch Löschen - in Quarantäne kopiert Arbeitsspeicher Variante von Win32/Gataka.B Trojaner viele Grüße und Danke im vorraus, ma88 Geändert von ma88 (07.07.2012 um 10:06 Uhr) |
10.07.2012, 23:24 | #2 |
/// Malware-holic | Tr/Gataka.D.57 - PC sehr langsam hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
11.07.2012, 11:14 | #3 |
| Tr/Gataka.D.57 - PC sehr langsam Hallo,
__________________hab ich gemacht: OTL.Txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.07.2012 11:06:14 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Margit\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,00% Memory free 6,23 Gb Paging File | 5,17 Gb Available in Paging File | 83,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 42,93 Gb Free Space | 38,37% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 104,65 Gb Free Space | 94,28% Space Free | Partition Type: NTFS Computer Name: MARGIT-PC | User Name: Margit | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.06 09:18:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe PRC - [2012.05.08 18:08:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:08:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 18:08:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:08:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.11.20 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE PRC - [2008.01.30 05:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe PRC - [2008.01.02 10:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.12.28 03:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe PRC - [2007.11.15 19:15:16 | 000,251,216 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcsvrcnt.exe PRC - [2007.11.13 12:16:26 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcupdui.exe PRC - [2007.11.01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe PRC - [2007.08.15 05:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe PRC - [2007.08.03 19:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2007.07.24 05:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe PRC - [2007.07.18 08:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.06.28 11:57:52 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe PRC - [2007.06.01 12:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe ========== Modules (No Company Name) ========== MOD - [2008.01.30 05:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe MOD - [2007.12.09 08:08:54 | 002,811,392 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\Resdll.dll MOD - [2007.08.07 02:31:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.06.28 11:57:52 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe MOD - [2006.09.19 02:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.03 20:18:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 18:08:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:08:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2007.08.15 05:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2007.07.24 05:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2007.07.18 08:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService) SRV - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.10.26 12:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2006.04.14 03:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2006.04.14 03:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2005.10.13 20:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC302.sys -- (VMC302) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 18:08:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:08:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.03.12 16:40:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.08.07 02:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.08.07 02:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.13 02:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2007.02.07 17:57:20 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R) DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fp-yie9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2EE36B02-8545-4950-B5CC-5F3EB545CF36}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-divx IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Margit\AppData\Roaming\06039 [2012.06.13 11:52:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.11 11:43:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.29 14:48:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Margit\AppData\Roaming\06039 [2012.06.13 11:52:19 | 000,000,000 | ---D | M] [2008.09.14 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margit\AppData\Roaming\mozilla\Extensions [2012.04.27 22:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions [2012.04.27 22:41:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.15 14:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.14 13:35:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\engine@conduit.com [2011.05.19 23:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.19 23:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2012.06.13 11:52:19 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MARGIT\APPDATA\ROAMING\06039 [2011.09.11 11:43:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.19 23:26:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.10 23:57:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.10 23:57:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.10 23:57:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.10 23:57:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.10 23:57:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.10 23:57:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Epson Stylus SX510W(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Qyisyfubab] C:\Users\Margit\AppData\Roaming\Otfo\putou.exe File not found O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Margit\AppData\Roaming\TeamViewer\{07CA5629-C78E-4080-B009-2E9418EDAF4B}\UpgradeChecker.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Margit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310FB175-C92B-4E17-8C00-841A665AC6AC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74A94B1-C9CC-4CEF-8090-D42A8007CBBD}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Margit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Margit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4AADD1F0-17A8-4349-943F-9C7B5E3F9CB4} - Yahoo! Toolbar ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {765BB945-9769-4D3A-BEB3-D868972080C8} - NoIE8Tour ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E6097C7D-AF4E-4985-9A0C-F5611B5818BC} - Yahoo! Search Settings Update ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{DF356B79-C4CB-48FE-A37F-9DA402B270C1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpFolder: C:^Users^Margit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: avgnt - hkey= - key= - File not found MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: Epson Stylus SX510W(Netzwerk) - hkey= - key= - File not found MsConfig - StartUpReg: EPSON SX510W Series - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: spywareguard - hkey= - key= - File not found MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 09:18:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe [2012.07.05 21:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.03 19:43:34 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\Help [2012.07.03 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\Windows Desktop Search [2012.07.03 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\TeamViewer [2012.06.27 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Local\Macromedia [2012.06.13 11:52:19 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\06039 [2012.06.12 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\06038 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Margit\AppData\Roaming\*.tmp files -> C:\Users\Margit\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.11 10:36:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.11 10:35:52 | 000,027,711 | ---- | M] () -- C:\Windows\System32\Config.MPF [2012.07.11 10:34:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.11 10:34:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 10:34:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 10:33:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.11 10:33:34 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 23:20:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.10 22:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.09 18:44:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.07.09 13:04:01 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2012.07.08 11:33:23 | 000,218,308 | ---- | M] () -- C:\Users\Margit\Desktop\HakenhalterJuli-September.jpg [2012.07.07 15:01:04 | 000,680,250 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.07 15:01:04 | 000,638,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.07 15:01:04 | 000,148,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.07 15:01:04 | 000,120,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.06 09:18:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe [2012.06.26 18:44:54 | 000,213,140 | ---- | M] () -- C:\Users\Margit\Documents\notfall.jpg [2012.06.14 14:54:48 | 000,430,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 12:26:13 | 000,000,032 | ---- | M] () -- C:\Users\Margit\AppData\Roaming\blckdom.res [2012.06.13 12:00:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Margit\AppData\Roaming\*.tmp files -> C:\Users\Margit\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.08 11:33:09 | 000,218,308 | ---- | C] () -- C:\Users\Margit\Desktop\HakenhalterJuli-September.jpg [2012.06.27 09:35:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.26 18:44:54 | 000,213,140 | ---- | C] () -- C:\Users\Margit\Documents\notfall.jpg [2012.06.13 12:00:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.14 21:56:23 | 000,000,032 | ---- | C] () -- C:\Users\Margit\AppData\Roaming\blckdom.res [2011.05.20 20:03:52 | 000,000,034 | ---- | C] () -- C:\Windows\MODUL2.INI [2011.05.06 12:52:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.05.06 12:52:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.05.06 12:52:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.05.06 12:52:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.05.06 12:52:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.05.06 12:52:05 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.05.06 12:52:05 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.05.06 12:52:05 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.05.06 12:52:05 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.05.06 12:52:05 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.05.06 12:52:05 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.05.06 12:52:05 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.05.06 12:52:05 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.05.06 12:52:05 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.05.06 12:52:05 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.05.06 12:52:05 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.05.06 12:52:05 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.05.06 12:52:05 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.05.06 12:52:05 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.07.03 19:02:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.27 21:16:34 | 000,000,048 | ---- | C] () -- C:\Users\Margit\AppData\Roaming\s.cfg [2008.10.09 16:10:20 | 000,000,680 | ---- | C] () -- C:\Users\Margit\AppData\Local\d3d9caps.dat [2008.09.18 14:00:32 | 000,014,848 | ---- | C] () -- C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.05.14 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06034 [2012.05.17 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06035 [2012.05.31 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06036 [2012.06.08 23:09:50 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06037 [2012.06.12 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06038 [2012.06.13 11:52:19 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06039 [2012.05.31 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Akaquh [2011.03.14 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\AliceHilfe [2011.09.06 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\DVDVideoSoft [2011.04.21 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.10 22:08:11 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Epson [2012.05.31 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Esrup [2012.05.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Gedau [2012.05.16 18:19:52 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Hacaaq [2009.03.04 14:52:13 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\IN-MEDIAKG [2012.05.14 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Invyx [2012.05.12 23:39:42 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Ipsei [2012.05.14 21:56:14 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\kock [2012.05.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Kykoiw [2012.05.17 02:18:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Luyw [2012.05.14 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Oqeh [2012.05.31 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Oqyv [2012.05.17 13:05:51 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Otfo [2009.07.30 20:15:56 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\ProtectDisc [2012.05.16 18:19:52 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Qoxy [2012.07.07 01:40:07 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\TeamViewer [2012.05.28 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\UAs [2012.05.31 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Ukipl [2012.05.15 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Uwyhm [2012.05.15 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Vafe [2012.07.03 19:39:20 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Windows Desktop Search [2012.05.28 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\xmldm [2012.07.09 13:04:01 | 000,000,242 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job [2012.04.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2012.05.01 03:34:44 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2012.07.10 23:20:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.09.09 20:02:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.03.12 19:04:23 | 000,000,000 | ---D | M] -- C:\avs contents [2011.01.22 18:34:15 | 000,000,000 | -HSD | M] -- C:\Boot [2012.03.21 20:26:55 | 000,000,000 | ---D | M] -- C:\codec-info [2012.05.10 00:27:13 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.09.09 16:51:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.05 20:52:09 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2011.05.20 20:03:52 | 000,000,000 | ---D | M] -- C:\FBI [2011.05.27 17:25:12 | 000,000,000 | ---D | M] -- C:\MappedFiles [2008.03.12 18:50:19 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.03.12 16:34:49 | 000,000,000 | ---D | M] -- C:\MyWorks [2010.06.04 12:45:12 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.07.05 21:44:43 | 000,000,000 | R--D | M] -- C:\Program Files [2012.06.02 12:00:05 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.09.09 16:51:35 | 000,000,000 | -HSD | M] -- C:\Programme [2008.03.12 16:55:40 | 000,000,000 | ---D | M] -- C:\Samsung [2012.07.11 11:12:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.09.09 20:01:45 | 000,000,000 | R--D | M] -- C:\Users [2012.06.02 12:39:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.03.12 17:57:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2008.03.12 17:59:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.03.12 17:59:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.03.12 17:59:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2008.03.12 17:57:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2008.03.12 17:57:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 18:25:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b0f802d7\atapi.sys [2008.03.12 18:25:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20541_none_dbb1430d3da06c42\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 18:01:04 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2008.03.12 18:23:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2008.03.12 18:23:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.03.12 18:01:03 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2008.03.12 18:01:03 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.09.16 09:39:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.09.16 09:39:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.09.16 09:39:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.09.16 09:39:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.03.12 17:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.03.12 17:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.03.12 17:02:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.03.12 17:02:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2011.04.23 12:35:29 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll < %USERPROFILE%\*.* > [2012.07.11 11:06:19 | 002,883,584 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT [2012.07.11 11:06:18 | 000,262,144 | -H-- | M] () -- C:\Users\Margit\ntuser.dat.LOG1 [2008.09.09 16:52:17 | 000,000,000 | -H-- | M] () -- C:\Users\Margit\ntuser.dat.LOG2 [2012.07.10 23:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.07.10 23:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.09.09 16:57:32 | 000,524,288 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.09.09 16:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\Margit\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > [/code] und Extras.Txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.07.2012 11:06:14 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Margit\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,00% Memory free 6,23 Gb Paging File | 5,17 Gb Available in Paging File | 83,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 42,93 Gb Free Space | 38,37% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 104,65 Gb Free Space | 94,28% Space Free | Partition Type: NTFS Computer Name: MARGIT-PC | User Name: Margit | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1DEE59DD-8153-4ED9-B0B9-6BBA8EF676CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{22E41C95-2C05-49B6-A11E-D58D4A435FED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{234A0B92-1BFE-422D-B836-FDA889852E92}" = lport=2869 | protocol=6 | dir=in | app=system | "{59602769-78ED-419F-A922-A66A5BB22EBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{59BAB497-DFA9-40FF-BCDF-FF2E71C416B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{617BA9E9-B71C-4C19-A7D6-7238DB045A72}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{6E15AB04-937F-4D9B-A190-2379DB5AD037}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{802A58D2-03FF-488C-AF71-F2584AF851E1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{92C41C10-3131-4557-960D-A96AD895501C}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{9848AC98-D8AA-436A-915D-618C8C4A50B6}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | "{9E964B03-19B4-4401-8CD0-4ED5D5B998E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2066F9C-C8DE-40EA-8DEC-C9D6BA7B9E2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB011577-6053-4B59-8EC3-C855543BB980}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | "{D073FA1D-33F6-4C25-8215-9669CA6EC2E7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D1FB9993-7959-4E7A-AA19-379C7AE35C11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D35455B0-C544-48D3-8354-FDE9D3EDCC0D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D5E47C66-ABD9-4345-9526-2AAEF23F7DFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7E4C8B7-2B99-4A01-BA2F-4C420E30B974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA02F1D6-45B3-4ADE-8E02-CF855778B359}" = rport=2869 | protocol=6 | dir=out | app=system | "{EA09145F-7209-410B-9B1E-83CA4B3E292F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F697D19E-EBA2-4D60-8F82-8796954566E7}" = lport=19375 | protocol=17 | dir=in | app=c:\program files\devolo\dlanwlancfg\dlanwlancfg.exe | "{F941330E-0946-4720-A006-31E1627D1001}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00803CA8-5906-4058-AAD5-6A1597E126A6}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{1A350546-2DF2-4E2F-A56A-D1DC86E72397}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2006CCEE-282F-47CB-A33C-5DD5854523F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39E52C77-BF73-4AE1-8EA3-5A7B5E9EF627}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4F12C52E-B3AD-47D6-90FB-4AFE455C1476}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{50DE16DB-92F4-4717-B1DC-97C00EEB669E}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{5700B01D-00F5-44C0-B442-FF4AE5B7A697}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{77F8C253-E2CC-4B72-8332-58D28C4717BF}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{848B42E4-F17C-4693-84D9-C7871E295AFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A273A860-6A62-4E7A-A4F6-9BB1C6CC6667}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{C5579399-8659-43A9-AC99-DD47AC4384EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DDB85064-4A5A-41D0-AE1A-E33A762CBAA7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "TCP Query User{565F0CBC-C5B2-4CB3-930E-8EC4FC466D0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{65CA7AB5-D8D0-4A95-AB15-23A317EA0138}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6AD3AFF0-DACF-4AA4-B328-E42AED05D898}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{78C52376-D0A0-4CD4-95B3-706B801D32D3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{BE2303B3-8F15-486F-8BB7-6BB67AE4E494}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{C5452181-492C-4CF6-B49B-37C9F7A65FF8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{5D670393-D5F7-416F-ADB0-ABC0FAE20C1E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5F13D660-8E4F-482A-9CAD-0D7A96B1D082}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7BCA53A8-80E8-4A92-BAA8-EF6114D65281}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{D640CCA0-024F-4124-85A7-7FAF5D7354D6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F77A595B-44EE-44E7-8A30-9DF72023FB70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{F8467B77-268B-4DE6-973C-7CE2CB2DCE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech "{09C07EA5-2B33-D6A8-82EE-96E2EFB50933}" = Catalyst Control Center Localization German "{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech "{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese "{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II "{15343122-1A4C-84D1-F14C-19DAD9C3E170}" = Catalyst Control Center Localization Chinese Traditional "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{230441A3-AEFA-1008-6874-E00CCD863C1B}" = ccc-utility "{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{26E0A023-F45C-F529-D820-180FDAFA2CF5}" = Catalyst Control Center Localization French "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 "{4E271D3B-6105-525A-885D-72330974AABF}" = Catalyst Control Center Localization Spanish "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{535D722D-3CD3-7B2B-0D2A-8205AB81702D}" = Catalyst Control Center Localization Italian "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{583ACB37-3139-562A-6279-0158480F2277}" = Catalyst Control Center Localization Japanese "{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German "{5F6A4850-DDBE-DA71-0B73-10170D2A4E55}" = Catalyst Control Center Localization Korean "{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish "{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D69A81D-B087-BFB2-DD8C-EF5FF34FBEC1}" = Catalyst Control Center Localization Norwegian "{6EDE839E-B81A-28F0-5A7D-51A7128A1FD5}" = Catalyst Control Center Localization Greek "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish "{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish "{74641F41-CE39-EA12-CD69-6903FD17544C}" = Catalyst Control Center Localization Turkish "{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New "{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian "{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish "{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B14B6B8-342F-9556-46CA-D948734245D6}" = Catalyst Control Center Localization Dutch "{8BF358A1-F53D-FF72-C844-FC4A4CE79B97}" = Catalyst Control Center Localization Hungarian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{92C8DAA6-A0FA-DBDE-0464-5BEFAB4AB1B4}" = Catalyst Control Center Localization Chinese Standard "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AD4CEE8C-0AF0-B4B2-D64B-7CCF70BD60B6}" = Catalyst Control Center Localization Russian "{AE5906D7-1980-EA3B-711E-4BA92F0B70AA}" = Catalyst Control Center Localization Swedish "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF2F91EE-EF88-DB9A-5A0F-6E8B8C8901EA}" = Catalyst Control Center Localization Thai "{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1 "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BE52510A-0CC8-EB71-9405-07E2B369526E}" = Catalyst Control Center Localization Portuguese "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0 "{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian "{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian "{DF85F51D-6908-5B09-FA13-5B3376C640E1}" = Skins "{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista "{E63BD217-4154-3693-595B-0A6F38C611C1}" = Catalyst Control Center Localization Danish "{E9EFEA79-C84D-45BA-7037-4DC356790BF8}" = ccc-core-static "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA340E1B-0840-8F61-32CF-7A5A99A2C854}" = Catalyst Control Center Localization Polish "{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "{FE6D4D2B-154C-1485-81B8-D2F6F5C5CF30}" = Catalyst Control Center Localization Finnish "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Agfa ScanWise 1.20" = Agfa ScanWise 1.20 "AliceHilfe 1.0.0.1" = AliceHilfe "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007 "Corel Uninstaller" = Corel Uninstaller "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dlanconf" = devolo dLAN-Konfigurationsassistent "dlanwlancfg" = devolo dLAN Wireless extender Konfiguration "dslmon" = devolo Informer "easyshare" = devolo EasyShare "EPSON Printer and Utilities" = EPSON-Drucker-Software "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch "EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series "ESET Online Scanner" = ESET Online Scanner v3 "FotoWorks XL_is1" = FotoWorks XL "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815 "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mediscript-CD GK1" = Mediscript-CD GK1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "MSC" = McAfee SecurityCenter "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.07.2012 15:08:04 | Computer Name = Margit-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.07.2012 15:08:04 | Computer Name = Margit-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2012 16:54:34 | Computer Name = Margit-PC | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Users\Margit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMQWQPPM\7-FW-jpg_103600[1].jpg. [ACCESS_VIOLATION Exception!! EIP = 0x1ae6632] Bitte Avira informieren und die obige Datei übersenden! Error - 08.07.2012 19:07:20 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621 Description = Error - 09.07.2012 05:47:50 | Computer Name = Margit-PC | Source = System Restore | ID = 8193 Description = Error - 09.07.2012 05:47:50 | Computer Name = Margit-PC | Source = System Restore | ID = 8210 Description = Error - 09.07.2012 15:49:46 | Computer Name = Margit-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16446 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1714 Anfangszeit: 01cd5e047792b5a0 Zeitpunkt der Beendigung: 22 Error - 09.07.2012 18:01:05 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621 Description = Error - 10.07.2012 17:20:02 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621 Description = Error - 11.07.2012 04:34:53 | Computer Name = Margit-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung E_FBINABE.EXE, Version 4.2.0.0, Zeitstempel 0x40458740, fehlerhaftes Modul ADVAPI32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03717, Ausnahmecode 0xc0000005, Fehleroffset 0x00015aab, Prozess-ID 0x968, Anwendungsstartzeit 01cd5f400a48a01b. [ OSession Events ] Error - 12.10.2008 18:13:55 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34742 seconds with 480 seconds of active time. This session ended with a crash. Error - 11.02.2009 20:22:07 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 599 seconds with 420 seconds of active time. This session ended with a crash. Error - 08.03.2009 09:56:41 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 116 seconds with 0 seconds of active time. This session ended with a crash. Error - 13.10.2009 07:29:04 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 246 seconds with 180 seconds of active time. This session ended with a crash. Error - 06.01.2011 12:01:07 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.07.2012 05:05:08 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:06:13 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:09:31 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:15:09 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:22:48 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:35:02 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:50:11 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:55:15 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:56:59 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 11.07.2012 05:59:09 | Computer Name = Margit-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. < End of report > [/code] Danke fürs Helfen... |
11.07.2012, 21:28 | #4 |
/// Malware-holic | Tr/Gataka.D.57 - PC sehr langsam hi nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.07.2012, 21:53 | #5 |
| Tr/Gataka.D.57 - PC sehr langsam Ne, kein onlinebanking o.ä. Wichtig wären 'nur' die Sachen fürs Studium. Ist's schlimm? Weil eigtl funktioniert er seit So komischerweise wieder ganz gut... Geändert von ma88 (11.07.2012 um 22:07 Uhr) |
14.07.2012, 12:23 | #6 |
/// Malware-holic | Tr/Gataka.D.57 - PC sehr langsam ja, diese malware stiehlt sensible daten, und ist je nach angreifer und ziel nach belieben erweiterbar. der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ --> Tr/Gataka.D.57 - PC sehr langsam |
15.07.2012, 19:38 | #7 |
| Tr/Gataka.D.57 - PC sehr langsam ohje, trotzdem vielen dank schon mal! bin die woche ziemlich im stress und schaff's erst ab wochenende mich der angelegenheit genauer zu widmen... dauert also bisschen, bis ich mich wieder melde! bis dahin viele grüße! |
Themen zu Tr/Gataka.D.57 - PC sehr langsam |
administrator, anti-malware, appdata, autostart, avira, code, dateien, dateisystem, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, ide, langsam, malwarebytes, microsoft, pc sehr langsam, quarantäne, roaming, sehr langsam, service, service pack 2, software, speicher, surfen, tr/gataka.d.57, verschieben, version, vista |