Log analysis and evaluation: Trojans TR/TDss.abx and TR/Alureon, files gone

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Trojans TR/TDss.abx and TR/Alureon, files gone

Hello everyone, I'm not much of a computer expert, but I'm trying this forum anyway and hope that I can describe my problem sensibly and, above all, understand your possible answers! On Thursday afternoon Avira reported a security alert; after that everything happened very quickly: within a few seconds/minutes most of the icons disappeared from my desktop and a pop-up "Write Fault Error" opened what felt like 100 times. I then shut down the laptop. When I booted it up again, the desktop background was black and all my own files are gone or no longer visible; all folders are empty. Since I have no idea how best to proceed, I am currently following the steps shown here "for everyone seeking help". It would be nice if you could add comments/tips on this.

OTL Logfile:
Code:
OTL logfile created on: 22.09.2012 13:20:12 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free
6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe PRC - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe PRC - [2012.09.20 21:01:18 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe PRC - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe PRC - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.26 09:26:46 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.08.12 12:00:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:40:29 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.01.11 19:27:46 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE PRC - [2011.07.13 22:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2008.11.06 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.21 13:51:47 | 000,185,872 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2008.07.25 09:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 04:25:31 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 04:24:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe PRC - [2008.01.21 04:23:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.11.02 12:31:24 | 000,069,632 | -H-- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) 
-- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [1999.04.23 22:45:44 | 008,441,907 | R--- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\WINWORD.EXE PRC - [1999.03.05 23:26:12 | 000,753,703 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Artgalry\ARTGALRY.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe MOD - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe MOD - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.01.27 11:02:32 | 000,569,344 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll MOD - [2010.01.11 
16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2007.11.02 12:36:16 | 000,048,208 | -H-- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.11.02 12:28:16 | 000,434,176 | -H-- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.11.02 12:28:04 | 001,077,248 | -H-- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.11.02 12:27:48 | 000,532,480 | -H-- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.11.02 12:27:40 | 000,061,440 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.11.02 12:27:28 | 000,016,896 | -H-- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.11.02 12:27:26 | 000,013,824 | -H-- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe MOD - [1999.02.02 01:39:14 | 000,073,785 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGR.DLL MOD - [1999.02.01 22:10:52 | 000,057,403 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGRPS.DLL ========== Services (SafeList) ========== SRV - [2012.09.20 21:01:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype 
Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.07.25 09:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) 
[Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 20:40:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:40:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.13 22:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2011.07.13 22:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - [2011.07.13 22:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studi-vz.de/hxxp://www [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program 
Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [r9VEbHteCG314G] C:\ProgramData\r9VEbHteCG314G.exe () O4 - HKCU..\Run: [SjaPfXBKSlE.exe] C:\ProgramData\SjaPfXBKSlE.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote 
s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common 
Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" 
= AutoRun O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.22 13:19:37 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.22 13:09:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.22 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes [2012.09.22 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 09:14:31 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.09.20 16:47:35 | 000,000,000 | -H-D | C] -- C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery [2012.09.14 06:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.01.28 13:32:02 | 059,218,544 | -H-- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Chrissi\ElsterFormular-13.0.0.8086p.exe [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> 
C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.22 13:26:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.22 13:18:40 | 000,000,000 | ---- | M] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.22 13:09:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 13:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.22 12:30:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 12:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.22 12:30:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.21 22:51:00 | 000,000,611 | -H-- | M] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.21 22:50:55 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A6916323-0D5C-4C98-A24C-DFAC802B17CD}.job [2012.09.20 16:57:53 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.20 16:57:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.20 16:57:53 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.20 16:57:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- 
C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:35 | 000,000,368 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe [2012.09.20 16:45:32 | 000,070,375 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe [2012.09.18 06:40:48 | 000,391,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.08 17:59:24 | 000,465,898 | -H-- | M] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.09.07 22:08:27 | 000,078,848 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.05 17:07:02 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chrissi.job [2012.09.05 15:28:56 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.22 13:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:34 | 000,050,477 | ---- | C] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:09:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 22:51:00 | 000,000,611 | -H-- | C] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:30 | 000,000,368 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.20 16:47:26 | 000,278,528 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G.exe [2012.09.20 
16:27:57 | 000,381,952 | -H-- | C] () -- C:\ProgramData\SjaPfXBKSlE.exe [2012.09.08 17:59:20 | 000,465,898 | -H-- | C] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.04.24 18:35:07 | 000,431,054 | -H-- | C] () -- C:\Users\Chrissi\Girls'Day 1.pdf [2012.04.05 22:31:47 | 006,655,589 | -H-- | C] () -- C:\Users\Chrissi\Xperia ray.pdf [2012.01.07 13:55:19 | 019,738,624 | -H-- | C] () -- C:\Users\Chrissi\epson373282eu.exe [2012.01.07 13:54:39 | 019,914,752 | -H-- | C] () -- C:\Users\Chrissi\epson373062eu.exe [2011.10.07 18:43:33 | 000,000,680 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\d3d9caps.dat [2011.08.17 12:52:04 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Vbis4032.dll [2011.04.30 10:53:49 | 001,489,288 | -H-- | C] () -- C:\Users\Chrissi\setup_dm_Fotowelt.exe [2010.11.18 18:33:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.13 18:17:24 | 000,254,903 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin [2010.10.19 11:10:47 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2010.10.03 11:39:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.10.03 11:39:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.10.03 11:39:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.10.03 11:39:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.10.03 11:39:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.10.03 11:39:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.10.03 11:39:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.10.03 11:39:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.10.03 11:39:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.10.03 11:39:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.10.03 11:39:10 | 000,001,139 
| ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.10.03 11:39:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.10.03 11:39:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.10.03 11:39:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.10.03 11:39:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.10.03 11:39:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.08.05 10:05:30 | 000,001,115 | -H-- | C] () -- C:\Users\Chrissi\Meine Karstadt-Fotowelt.lnk [2009.05.06 16:55:00 | 000,001,024 | -H-- | C] () -- C:\Users\Chrissi\.rnd [2009.01.28 19:38:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.27 12:24:11 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.09.27 11:30:24 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.09.15 20:34:30 | 000,000,202 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\default.pls [2008.09.13 18:26:16 | 000,078,848 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.13 18:08:22 | 000,000,098 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png [2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png [2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google 
Earth\client\res\paddle\u.png [2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png [2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png [2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png [2010.05.05 20:05:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png [2010.05.05 20:05:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png [2010.05.05 20:05:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\u.png [2010.05.06 06:00:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png [2010.05.06 06:00:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png [2010.05.06 06:00:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png [2011.12.04 00:27:08 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\LocalLow\Microsoft\Silverlight\is\4bsboea4.cfx\mmrfzxpv.vgg\1\l [2009.12.13 16:19:55 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ULZ8C7KZ\a69.g.akamai.net\n [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2011.08.19 11:23:28 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\46developments [2011.07.02 18:39:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Audacity [2008.09.14 12:06:05 
| 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Buhl Data Service GmbH [2011.11.16 18:21:14 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft [2011.11.16 18:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.28 13:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\elsterformular [2012.01.10 18:37:51 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Epson [2009.01.27 15:59:29 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Phase6 [2011.12.05 23:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies [2011.12.05 22:32:09 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies Inc [2010.11.18 18:36:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Softland [2012.04.07 15:00:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Sony [2008.09.13 18:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Template [2008.09.17 19:15:49 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Ulead Systems ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 22.09.2012 13:20:12 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free
6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine Karstadt-Fotowelt] -- "C:\Program Files\Karstadt\Meine Karstadt-Fotowelt\Meine Karstadt-Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2986DBE1-539F-4A24-8605-50906E3E6605}" = lport=139 | protocol=6 | dir=in | app=system | "{3BA6854B-406C-414D-8EAD-6876C2FB4C3B}" = rport=137 | protocol=17 | dir=out | app=system | "{49211DFC-C1BF-429C-B248-E05E6BFB2D49}" = rport=138 | protocol=17 | dir=out | app=system | "{5D7C00D1-76E2-4C7F-9BA9-8FCCA8BC51AE}" = rport=139 | protocol=6 | dir=out | app=system | "{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system | "{69BB0572-1F0F-47A3-A6BC-1C5E144EFD5C}" = lport=137 | protocol=17 | dir=in | app=system | "{72AA26A7-DF78-41CC-A663-1EAC7C9B9F81}" = lport=445 | protocol=6 | dir=in | app=system | "{78288CB0-BCC9-4987-AC4E-85CD408BF19E}" = rport=445 | protocol=6 | dir=out | app=system | "{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B6B37C10-3EF5-4A2B-A3DC-7AC2206877EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E446AA6E-A891-4E50-B539-8D8C651A891F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FC8B80C7-A86F-4DCC-86AD-44D8DF33C6D2}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{21A41C95-340F-4AD5-91FE-19B069C77A68}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{2481B520-747C-49E5-89DC-B27BFA2A7C97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{29940B74-9F36-4EE6-AFEC-2731CCD30CBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{46F80359-F09E-4F45-AF63-9309D9D2CC59}" = 
protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4D6050F4-AE2F-45EB-BFCD-1EA0ABD83211}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | "{4DE66C25-8709-43BB-BFF6-13D1A3AB6FC7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{723D9645-0B50-4D20-BD0D-18EF3F7EFA42}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | "{7CC1350B-04C1-4954-AFB7-FE17A95645B6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | "{86DA8028-FE04-41BC-BEFE-78B2D0F6AFF6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | "{8CD10789-218B-45CE-8FB0-6B4FAAC0A31F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{99B0D0DC-CE6B-4AE6-B59C-4F687E19E4A3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | "{9B1E5950-8A48-4E4B-8824-68218A65B604}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{9B72487C-ECA1-43B5-BAB8-037BA06EF652}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{A7A68435-AAE2-413C-9A39-6924112AF550}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | "{AA57ACA5-4A62-4FD2-BE7A-3C53CBAF7816}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B6E2F143-CF8A-4098-9B9D-7EDF6064B165}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C3040D99-D579-4FB0-8A2E-3A10811FC52A}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | "{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program 
files\homecinema\powerdirector\pdr.exe | "{D1402EB9-87AB-4A44-96AD-DB05CFC9067C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E61870C5-833E-4C2D-8882-BAF8A98A7CA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{EDCBDED3-ED6C-4742-B65B-ABC578A00BF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EF32D63C-C16A-4284-A80B-9B2C907C617D}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{EFB5CCC4-CC4F-46B6-8D28-2E2A6B0FE95B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | "TCP Query User{30DC8663-9DA8-4015-826C-03EA2F9AD995}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{851B0A43-F1E5-4D41-9794-B62857D68DA8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{87CEF52A-835D-43E4-BD3B-608FE79F77BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{9AFF63F8-4E0E-43F9-A9C8-E8E648F72199}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | "TCP Query User{BFBBB392-5BEB-4E7D-98BF-0D5B4BA63125}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | "TCP Query User{C594A663-8F8F-40B1-9CC9-C2901980DA2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2852B6F4-54D4-4A54-BA79-CEC08AC9DF58}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{42FF2B10-74C5-4FB4-B0B2-75390C29142D}C:\program 
files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{6E47E554-2289-4495-A86B-99308008B472}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | "UDP Query User{869A46F5-381E-47E0-BF06-532363643D5B}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | "UDP Query User{9990081F-FBD3-451B-ADE6-24882C1FDC2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9A04AF51-AC93-4150-A75D-33EDB7332258}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials "{1EEC3AE8-BF60-4123-9E14-8C9750256F1D}" = Sprachtrainer Red Line 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{460C1164-8857-45B4-82F0-EBBAB790D086}" = Rund um (2.0) ... Demokratie heute 5-6 NRW "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4 "{59D4F411-9675-406B-9BC1-F0D7ACBE2529}" = Rund um (2.0) ... Demokratie heute 7-8 NRW "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65B73529-4493-40AA-A82F-81CC7B8C06CF}" = Red Line 4 Sprachtrainer "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{835EB248-97A4-4B32-88A1-4AAB8527C536}" = Rund um (2.0) ... 
Demokratie heute 9-10 NRW
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aldi Foto Service" = Aldi Foto Service 4.6
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clarity recorder" = Clarity recorder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm-Fotowelt" = dm-Fotowelt
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KlassenManager 3.0" = KlassenManager 3.0
"Klett Lehrersoftware Red Line (Band 2)" = Klett Lehrersoftware Red Line (Band 2)
"Klett Lehrersoftware Red Line (Band 3)" = Klett Lehrersoftware Red Line (Band 3)
"Klett Lehrersoftware Red Line (Band 4)" = Klett Lehrersoftware Red Line (Band 4)
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Meine Karstadt-Fotowelt" = Meine Karstadt-Fotowelt
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 6.0" = RealPlayer
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.09.2012 11:46:35 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b, fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018, Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d, Prozess-ID 0x15c0, Anwendungsstartzeit 01cd967de590e731.

Error - 20.09.2012 09:14:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.09.2012 10:47:08 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.09.2012 12:29:06 | Computer Name = Chrissi-PC | Source = VSS | ID = 8194
Description =

Error - 20.09.2012 14:09:58 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.09.2012 16:49:41 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 06:31:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.09.2012 06:32:48 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.9.0, Zeitstempel 0x493788e3, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x02020202, Prozess-ID 0xfbc, Anwendungsstartzeit 01cd98ad4f0ca7dc.
Error - 22.09.2012 06:34:06 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung appverif.exe, Version 6.2.8400.0, Zeitstempel 0x4fb70b44, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc, Ausnahmecode 0xc0000022, Fehleroffset 0x00009cfc, Prozess-ID 0x15b4, Anwendungsstartzeit 01cd98adc2c7076c.

Error - 22.09.2012 06:36:10 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b, fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018, Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d, Prozess-ID 0x1724, Anwendungsstartzeit 01cd98adcccd502c.

[ System Events ]
Error - 21.09.2012 16:48:09 | Computer Name = Chrissi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.09.2012 um 21:14:12 unerwartet heruntergefahren.

Error - 21.09.2012 16:48:14 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =

Error - 21.09.2012 16:50:11 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.09.2012 16:51:56 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.09.2012 02:33:43 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =

Error - 22.09.2012 02:35:20 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =

Error - 22.09.2012 06:30:10 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =

Error - 22.09.2012 06:31:19 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.09.2012 06:35:54 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22.09.2012 06:38:00 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description =

< End of report >

I have a 32-bit system; the GMER scan is currently running on the damaged laptop. I will post the data here shortly. How should I proceed from here? Thanks in advance for your help!

Last edited by ChristinaXXX (22.09.2012 at 14:02)