|
Plagegeister aller Art und deren Bekämpfung: System Progressive Protection 3.7.10Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.10.2012, 10:39 | #1 |
| System Progressive Protection 3.7.10 Habe mir mal wieder einen Trojaner eingefangen. Log Datei von Malwarebytes: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.08.03 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.19328 **** :: ****** [Administrator] 11.10.2012 10:21:12 mbam-log-2012-10-11 (10-21-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 400805 Laufzeit: 55 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 5 HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$a77e64fdc5df9b90fe6a8cc0bc618b11\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2968805891-2608667851-174175103-1000\$a77e64fdc5df9b90fe6a8cc0bc618b11\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 8 C:\$Recycle.Bin\S-1-5-18\$a77e64fdc5df9b90fe6a8cc0bc618b11\n (Trojan.0Access) -> Löschen bei Neustart. C:\$Recycle.Bin\S-1-5-18\$a77e64fdc5df9b90fe6a8cc0bc618b11\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-18\$a77e64fdc5df9b90fe6a8cc0bc618b11\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-18\$a77e64fdc5df9b90fe6a8cc0bc618b11\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-2968805891-2608667851-174175103-1000\$a77e64fdc5df9b90fe6a8cc0bc618b11\n (Trojan.0Access) -> Löschen bei Neustart. C:\ProgramData\711D2201DD3DA19700F9711C2988432E\711D2201DD3DA19700F9711C2988432E.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FLV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Ist das Tierchen damit erlegt - oder bedarf es weiterer Schritte? Aktuell lasse ich Malwarebytes noch einmal vollständig drüberlaufen. DANKE im Voraus für Eure Hilfe. Ergänzung: Hier noch die OTL-Text-Datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 11:56:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\FLV\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,39% Memory free 4,24 Gb Paging File | 3,02 Gb Available in Paging File | 71,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 325,12 Gb Total Space | 184,45 Gb Free Space | 56,73% Space Free | Partition Type: NTFS Drive D: | 10,22 Gb Total Space | 1,41 Gb Free Space | 13,80% Space Free | Partition Type: NTFS Computer Name: *** | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\FLV\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) PRC - C:\Programme\GO! Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd) PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) PRC - C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec) PRC - C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Belkin\F1U201.401\usbshare.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2955.38824__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2955.38783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2955.38836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2955.38998__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2955.38965__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2955.38815__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2955.38924__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2955.38802__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2955.39027__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2955.38973__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2955.39033__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2955.38978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2955.38796__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2955.39051__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2955.38972__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2955.39025__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2955.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2955.38991__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2955.38848__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2955.38926__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2955.38803__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2955.38919__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2955.38843__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2955.38947__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2955.38925__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2955.38853__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2955.38946__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2955.38958__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2886.28852__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2955.38810__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2955.39018__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2955.38775__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2955.39017__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2955.39044__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2955.38773__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2955.38790__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2955.38775__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2955.38775__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2955.38774__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2955.39018__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll () MOD - C:\Programme\Belkin\F1U201.401\usbshare.exe () MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (DLPWD) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd) SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (Norton Ghost) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SymSnapService) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec) SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (DLSDB) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (NTIDrvr) -- C:\Program Files\muvee Technologies\muvee autoProducer 6.1 File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (CdaC15BA) -- C:\Windows\System32\drivers\CDAC15BA.SYS () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation) DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation) DRV - (symsnap) -- C:\Windows\System32\drivers\symsnap.sys (StorageCraft) DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) DRV - (Gigusb) -- C:\Windows\System32\drivers\Gigusb.sys (Siemens AG) DRV - (DectEnum) -- C:\Windows\System32\drivers\DectEnum.sys (Siemens AG) DRV - (siellif) -- C:\Windows\System32\drivers\siellif.sys (Siemens AG) DRV - (IUAPIWDM) -- C:\Windows\System32\drivers\IUAPIWDM.sys (SIEMENS AG) DRV - (HRCMPA) -- C:\Windows\System32\drivers\hrcmpa.sys (SIEMENS AG) DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin) DRV - (USB100) -- C:\Windows\System32\drivers\USB100.sys (ELECOM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = {F240E773-5216-43D7-9A5A-6399A5988F02} IE - HKLM\..\SearchScopes\{964BA790-A103-4082-8A09-E6B061BEDC48}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{F240E773-5216-43D7-9A5A-6399A5988F02}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\..\SearchScopes,DefaultScope = {F240E773-5216-43D7-9A5A-6399A5988F02} IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\..\SearchScopes\{1F321E1B-EFA9-4014-AA94-5E3F36879A23}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\..\SearchScopes\{964BA790-A103-4082-8A09-E6B061BEDC48}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\..\SearchScopes\{F240E773-5216-43D7-9A5A-6399A5988F02}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.) O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [OMEA] C:\Programme\GO! Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2968805891-2608667851-174175103-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-2968805891-2608667851-174175103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4240556B-4D08-4A18-889A-C0EE7E48156F}: NameServer = 195.50.140.246 195.50.140.114 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\FLV\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\FLV\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.11 07:11:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{86a28485-a5ff-11e0-b70a-d65e0ce64fa0}\Shell - "" = AutoRun O33 - MountPoints2\{86a28485-a5ff-11e0-b70a-d65e0ce64fa0}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 11:33:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.11 09:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\711D2201DD3DA19700F9711C2988432E [2012.10.10 10:10:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 10:10:35 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 10:10:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.24 08:38:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.24 08:38:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.24 08:38:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.24 08:38:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.24 08:38:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.09.24 08:38:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.09.24 08:38:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.09.24 08:38:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.09.24 08:38:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.24 08:38:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.24 08:38:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.09.24 08:38:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.09.24 08:38:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.24 08:38:46 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.09.24 08:38:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.09.24 08:38:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.09.24 08:38:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.09.24 08:38:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe ========== Files - Modified Within 30 Days ========== [2012.12.31 17:32:44 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E54E816-23C6-4B26-A2C5-A9DB4E203EBC}.job [2012.10.11 11:33:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.11 11:24:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 11:24:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 11:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 09:30:57 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.10.09 14:06:46 | 000,000,065 | ---- | M] () -- C:\Windows\WISO.INI [2012.10.08 14:19:45 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 16:17:46 | 000,089,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.04 16:17:46 | 000,025,794 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.04 16:17:46 | 000,016,220 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.04 16:17:46 | 000,007,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.13 15:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files Created - No Company Name ========== [2012.07.17 13:44:58 | 000,033,827 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.02.07 11:02:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2012.02.07 11:02:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.10.24 08:15:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.18 11:15:04 | 000,988,651 | ---- | C] () -- C:\Users\FLV\Checkliste Unity Media0001.pdf [2010.11.08 15:36:02 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS [2008.07.17 10:19:29 | 000,010,752 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.16 13:14:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.16 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ecysl [2011.10.07 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2008.10.30 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2011.04.11 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2012.09.05 14:26:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.09.06 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FolderSync [2012.08.06 12:50:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2012.07.17 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.04.04 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2008.09.04 10:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MGS [2009.01.15 07:22:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies [2010.04.26 09:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OTi [2010.04.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OutlookSync [2011.10.24 08:15:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2008.10.01 11:18:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Panel [2009.03.25 18:20:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.05.15 09:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uxawo [2010.03.19 05:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F < End of report > und die Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.10.2012 11:56:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\FLV\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,39% Memory free 4,24 Gb Paging File | 3,02 Gb Available in Paging File | 71,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 325,12 Gb Total Space | 184,45 Gb Free Space | 56,73% Space Free | Partition Type: NTFS Drive D: | 10,22 Gb Total Space | 1,41 Gb Free Space | 13,80% Space Free | Partition Type: NTFS Computer Name: HANNES | User Name: FLV | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2968805891-2608667851-174175103-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01EF7E36-5E23-96E5-C195-CB45880AB805}" = CCC Help Czech "{0238C5F4-A485-DE76-530F-F467AFACD7AC}" = Catalyst Control Center Localization Chinese Traditional "{039DB2DA-151D-8AF8-1BC8-B7E7157180A0}" = CCC Help French "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{096FE185-BF9B-4DF1-92E5-B370E9FD4840}" = GO! Suite "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0D705D16-064C-BAA6-C4E1-067F9DC2A477}" = Catalyst Control Center Localization Hungarian "{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware "{11C97ACD-BD9C-027A-B490-67C5D6FCB14E}" = Catalyst Control Center Localization French "{133A778F-13AD-A1B4-57DB-74D6DF2D0519}" = CCC Help Turkish "{13EFD013-6DD3-F5F4-F357-A95AA12C8A70}" = Catalyst Control Center Localization Greek "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7 "{23D6E5AB-18D1-A6A1-69D0-F8D717B22306}" = CCC Help Portuguese "{240D1D4E-099E-8A4C-6A4C-241C60DB1863}" = CCC Help Dutch "{24B62B98-A210-1AF0-10DE-630538BB150D}" = Catalyst Control Center Graphics Full New "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{25D1518C-B7C1-53C6-10E1-C06B340302FC}" = CCC Help Chinese Standard "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{28FC4B8A-7FA5-B078-E25B-1D60BA1B135B}" = Catalyst Control Center Localization German "{2A31318A-C9F8-482E-6860-F738D8A9A94B}" = CCC Help Korean "{2ABD2125-CBBE-4E11-3573-D1F088BD2594}" = Catalyst Control Center Localization Italian "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{352EA20F-C3F5-A2C4-5A63-472AF1FD87B5}" = Catalyst Control Center Graphics Previews Common "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D066F3A-48BA-E6BC-4C8A-0477FCE8DA87}" = Catalyst Control Center Localization Russian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B3C7239-11B9-F8F3-0303-897538F3CFC8}" = Catalyst Control Center Core Implementation "{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1 "{5587AD4E-2A66-C0A5-95C9-7D04683BEECB}" = Catalyst Control Center Localization Japanese "{5BD715FA-CAAF-D30D-2613-22776086B382}" = CCC Help Finnish "{61F09589-4A31-B31D-2BE1-AC2A65583180}" = Catalyst Control Center Localization Dutch "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{671EEC45-A4AF-6E57-9808-F887CB1F5EE3}" = Catalyst Control Center Localization Swedish "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6AC3C209-610A-0799-7A5A-486AB7B0D8E1}" = ccc-core-static "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{734E5DD4-912F-A7CF-3945-ABDB768CEB34}" = Skins "{737CABA8-7A6C-C777-B568-285DAD5E90BC}" = CCC Help Thai "{73E82A61-DB85-A0A9-B09B-C480059F58EE}" = Catalyst Control Center Graphics Light "{741F918D-A8F8-E6CD-8A6E-12BCC47F952D}" = Catalyst Control Center Localization Chinese Standard "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6 "{82984E09-F0F7-60F2-8C6E-BCDB23FC0283}" = CCC Help Norwegian "{8800D4DB-33F1-DF48-F5FA-3F8A8D46D5D9}" = Catalyst Control Center Localization Portuguese "{899DA790-A271-6A1D-D7DC-573900BC4047}" = CCC Help German "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B8433F3-BE3D-E9A2-B878-91633AAE80E2}" = Catalyst Control Center Localization Norwegian "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9505717F-666B-9AAA-008B-96F2A1759ED6}" = CCC Help Spanish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A573E06-A63A-4054-DEBF-66116F066859}" = Catalyst Control Center Localization Korean "{9BDEE2D8-B415-6678-C8D3-1DEACD134637}" = Catalyst Control Center Localization Polish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9E474F-075C-9414-2CB8-38FEDA33F70B}" = CCC Help Russian "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9F00F0AC-AF1C-6242-0237-AA83B342C71D}" = CCC Help Polish "{A2AC0DE5-73A5-61CC-13B6-3B4DD1B9963B}" = Catalyst Control Center Localization Thai "{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch "{AB29189D-56E8-5B13-0036-6B233346B2A8}" = CCC Help Danish "{AC491FE4-B6F9-01ED-F5B4-75F04266FD68}" = Catalyst Control Center Localization Danish "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost "{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}" = Windows NT Backup - Restore Utility "{B52DFE51-966A-3A2F-0CA3-6A86D18D1CA5}" = Catalyst Control Center Localization Turkish "{BC75E2A0-6E73-5DBD-4B81-267EEFC93666}" = Catalyst Control Center Localization Finnish "{BCA4A04F-2BF5-4A1A-01E2-C527D8CD0B35}" = ccc-utility "{C138C612-345A-A1B6-7DED-CCE5ADC3FD53}" = Catalyst Control Center Localization Czech "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C9A34BE5-FCA2-11B1-6A48-512FF58AA4BD}" = Catalyst Control Center Graphics Full Existing "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB267145-8ADA-C66E-2D61-5F989BFDA17A}" = CCC Help Japanese "{CD9282E5-F3B4-1942-D56D-9DCACEEA7BF9}" = CCC Help English "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7DC9FC-1E2C-394E-ACEE-1FFDE152A292}" = Catalyst Control Center Graphics Previews Vista "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D1EFBDCB-3C0A-C01E-A56B-26AEF453896B}" = CCC Help Hungarian "{DA42A12A-DA69-0D32-6254-7976F7AE268B}" = CCC Help Swedish "{DC01D608-E195-569B-180A-3661D60D44FE}" = ATI Catalyst Install Manager "{E5C4FD04-A70C-E186-C30E-9AB08ACAD3B9}" = CCC Help Greek "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F001C6A1-56EC-643F-2A91-164AA4EFECA3}" = CCC Help Italian "{F01EA7D4-4851-B2C9-E08D-029AED1203D3}" = Catalyst Control Center Localization Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29D2233-EB8F-F36D-40FF-6B556729E3E1}" = CCC Help Chinese Traditional "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "AVM ISDN CAPI Port" = AVM ISDN CAPI Port "ElsterFormular 13.0.0.8055u" = ElsterFormular "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.3 "FRITZ! 2.0" = AVM FRITZ! "Glückwunsch-Druckerei 11_is1" = DATA BECKER Glückwunsch-Druckerei 11 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Internet Designer Pro" = Internet Designer Pro "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.OUTLOOKR" = Microsoft Outlook 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "Perf2480P_2580P Ref. Handbuch" = Perf2480P_2580P Ref. Handbuch "PerfectFTP" = PerfectFTP "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Spatial Commander" = Spatial Commander "sv.net" = sv.net "WinGimp-2.0_is1" = GIMP 2.4.6 "WISO VereinsVerwalter" = WISO VereinsVerwalter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.09.2012 07:18:40 | Computer Name = *** | Source = Windows Search Service | ID = 3013 Description = Error - 11.09.2012 07:18:40 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 18.09.2012 11:18:18 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 18.09.2012 11:18:18 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 26.09.2012 05:58:42 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 05.10.2012 03:00:17 | Computer Name = ***| Source = Norton Ghost | ID = 100 Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden für Auftrag: Arbeitsplatz-Backup. Fehler EC8F03FE: Die Eigenschaften des Auftrags können nicht gelesen werden. Fehler EC8F1F62: Externes Gerät "ExxSi" nicht gefunden. Details: Das System kann den angegebenen Pfad nicht finden. Quelle: Norton Ghost Error - 05.10.2012 07:32:49 | Computer Name = ***| Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung VProSvc.exe, Version 14.0.0.24815, Zeitstempel 0x4792b765, fehlerhaftes Modul ErrorGui.dll, Version 14.0.0.24815, Zeitstempel 0x4792b6aa, Ausnahmecode 0x40000015, Fehleroffset 0x000c9a20, Prozess-ID 0xd20, Anwendungsstartzeit 01cda2c5a597fe61. Error - 11.10.2012 03:29:46 | Computer Name = ***| Source = VSS | ID = 13 Description = Error - 11.10.2012 03:29:46 | Computer Name = ***| Source = VSS | ID = 8193 Description = Error - 11.10.2012 04:20:24 | Computer Name = ***| Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7026 Description = Error - 11.10.2012 05:24:10 | Computer Name = ***| Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker Dell Color Laser 1320c nicht unter dem Namen Dell Color Laser 1320c freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 11.10.2012 05:24:10 | Computer Name = ***| Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker Canon iR2270/iR2870 PS3 nicht unter dem Namen Canon iR2270iR2870 PS3 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7023 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7000 Description = Error - 11.10.2012 05:25:50 | Computer Name = OTL Extras logfile created on: 11.10.2012 11:56:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,39% Memory free 4,24 Gb Paging File | 3,02 Gb Available in Paging File | 71,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 325,12 Gb Total Space | 184,45 Gb Free Space | 56,73% Space Free | Partition Type: NTFS Drive D: | 10,22 Gb Total Space | 1,41 Gb Free Space | 13,80% Space Free | Partition Type: NTFS Computer Name: ***| User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2968805891-2608667851-174175103-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01EF7E36-5E23-96E5-C195-CB45880AB805}" = CCC Help Czech "{0238C5F4-A485-DE76-530F-F467AFACD7AC}" = Catalyst Control Center Localization Chinese Traditional "{039DB2DA-151D-8AF8-1BC8-B7E7157180A0}" = CCC Help French "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{096FE185-BF9B-4DF1-92E5-B370E9FD4840}" = GO! Suite "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0D705D16-064C-BAA6-C4E1-067F9DC2A477}" = Catalyst Control Center Localization Hungarian "{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware "{11C97ACD-BD9C-027A-B490-67C5D6FCB14E}" = Catalyst Control Center Localization French "{133A778F-13AD-A1B4-57DB-74D6DF2D0519}" = CCC Help Turkish "{13EFD013-6DD3-F5F4-F357-A95AA12C8A70}" = Catalyst Control Center Localization Greek "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7 "{23D6E5AB-18D1-A6A1-69D0-F8D717B22306}" = CCC Help Portuguese "{240D1D4E-099E-8A4C-6A4C-241C60DB1863}" = CCC Help Dutch "{24B62B98-A210-1AF0-10DE-630538BB150D}" = Catalyst Control Center Graphics Full New "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{25D1518C-B7C1-53C6-10E1-C06B340302FC}" = CCC Help Chinese Standard "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{28FC4B8A-7FA5-B078-E25B-1D60BA1B135B}" = Catalyst Control Center Localization German "{2A31318A-C9F8-482E-6860-F738D8A9A94B}" = CCC Help Korean "{2ABD2125-CBBE-4E11-3573-D1F088BD2594}" = Catalyst Control Center Localization Italian "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{352EA20F-C3F5-A2C4-5A63-472AF1FD87B5}" = Catalyst Control Center Graphics Previews Common "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D066F3A-48BA-E6BC-4C8A-0477FCE8DA87}" = Catalyst Control Center Localization Russian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B3C7239-11B9-F8F3-0303-897538F3CFC8}" = Catalyst Control Center Core Implementation "{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1 "{5587AD4E-2A66-C0A5-95C9-7D04683BEECB}" = Catalyst Control Center Localization Japanese "{5BD715FA-CAAF-D30D-2613-22776086B382}" = CCC Help Finnish "{61F09589-4A31-B31D-2BE1-AC2A65583180}" = Catalyst Control Center Localization Dutch "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{671EEC45-A4AF-6E57-9808-F887CB1F5EE3}" = Catalyst Control Center Localization Swedish "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6AC3C209-610A-0799-7A5A-486AB7B0D8E1}" = ccc-core-static "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{734E5DD4-912F-A7CF-3945-ABDB768CEB34}" = Skins "{737CABA8-7A6C-C777-B568-285DAD5E90BC}" = CCC Help Thai "{73E82A61-DB85-A0A9-B09B-C480059F58EE}" = Catalyst Control Center Graphics Light "{741F918D-A8F8-E6CD-8A6E-12BCC47F952D}" = Catalyst Control Center Localization Chinese Standard "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6 "{82984E09-F0F7-60F2-8C6E-BCDB23FC0283}" = CCC Help Norwegian "{8800D4DB-33F1-DF48-F5FA-3F8A8D46D5D9}" = Catalyst Control Center Localization Portuguese "{899DA790-A271-6A1D-D7DC-573900BC4047}" = CCC Help German "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B8433F3-BE3D-E9A2-B878-91633AAE80E2}" = Catalyst Control Center Localization Norwegian "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9505717F-666B-9AAA-008B-96F2A1759ED6}" = CCC Help Spanish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A573E06-A63A-4054-DEBF-66116F066859}" = Catalyst Control Center Localization Korean "{9BDEE2D8-B415-6678-C8D3-1DEACD134637}" = Catalyst Control Center Localization Polish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9E474F-075C-9414-2CB8-38FEDA33F70B}" = CCC Help Russian "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9F00F0AC-AF1C-6242-0237-AA83B342C71D}" = CCC Help Polish "{A2AC0DE5-73A5-61CC-13B6-3B4DD1B9963B}" = Catalyst Control Center Localization Thai "{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch "{AB29189D-56E8-5B13-0036-6B233346B2A8}" = CCC Help Danish "{AC491FE4-B6F9-01ED-F5B4-75F04266FD68}" = Catalyst Control Center Localization Danish "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 "{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost "{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}" = Windows NT Backup - Restore Utility "{B52DFE51-966A-3A2F-0CA3-6A86D18D1CA5}" = Catalyst Control Center Localization Turkish "{BC75E2A0-6E73-5DBD-4B81-267EEFC93666}" = Catalyst Control Center Localization Finnish "{BCA4A04F-2BF5-4A1A-01E2-C527D8CD0B35}" = ccc-utility "{C138C612-345A-A1B6-7DED-CCE5ADC3FD53}" = Catalyst Control Center Localization Czech "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C9A34BE5-FCA2-11B1-6A48-512FF58AA4BD}" = Catalyst Control Center Graphics Full Existing "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB267145-8ADA-C66E-2D61-5F989BFDA17A}" = CCC Help Japanese "{CD9282E5-F3B4-1942-D56D-9DCACEEA7BF9}" = CCC Help English "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7DC9FC-1E2C-394E-ACEE-1FFDE152A292}" = Catalyst Control Center Graphics Previews Vista "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D1EFBDCB-3C0A-C01E-A56B-26AEF453896B}" = CCC Help Hungarian "{DA42A12A-DA69-0D32-6254-7976F7AE268B}" = CCC Help Swedish "{DC01D608-E195-569B-180A-3661D60D44FE}" = ATI Catalyst Install Manager "{E5C4FD04-A70C-E186-C30E-9AB08ACAD3B9}" = CCC Help Greek "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F001C6A1-56EC-643F-2A91-164AA4EFECA3}" = CCC Help Italian "{F01EA7D4-4851-B2C9-E08D-029AED1203D3}" = Catalyst Control Center Localization Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29D2233-EB8F-F36D-40FF-6B556729E3E1}" = CCC Help Chinese Traditional "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "AVM ISDN CAPI Port" = AVM ISDN CAPI Port "ElsterFormular 13.0.0.8055u" = ElsterFormular "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.3 "FRITZ! 2.0" = AVM FRITZ! "Glückwunsch-Druckerei 11_is1" = DATA BECKER Glückwunsch-Druckerei 11 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Internet Designer Pro" = Internet Designer Pro "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.OUTLOOKR" = Microsoft Outlook 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "Perf2480P_2580P Ref. Handbuch" = Perf2480P_2580P Ref. Handbuch "PerfectFTP" = PerfectFTP "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Spatial Commander" = Spatial Commander "sv.net" = sv.net "WinGimp-2.0_is1" = GIMP 2.4.6 "WISO VereinsVerwalter" = WISO VereinsVerwalter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.09.2012 07:18:40 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 11.09.2012 07:18:40 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 18.09.2012 11:18:18 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 18.09.2012 11:18:18 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 26.09.2012 05:58:42 | Computer Name = ***| Source = Windows Search Service | ID = 3013 Description = Error - 05.10.2012 03:00:17 | Computer Name = ***| Source = Norton Ghost | ID = 100 Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden für Auftrag: Arbeitsplatz-Backup. Fehler EC8F03FE: Die Eigenschaften des Auftrags können nicht gelesen werden. Fehler EC8F1F62: Externes Gerät "ExxSi" nicht gefunden. Details: Das System kann den angegebenen Pfad nicht finden. Quelle: Norton Ghost Error - 05.10.2012 07:32:49 | Computer Name = ***| Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung VProSvc.exe, Version 14.0.0.24815, Zeitstempel 0x4792b765, fehlerhaftes Modul ErrorGui.dll, Version 14.0.0.24815, Zeitstempel 0x4792b6aa, Ausnahmecode 0x40000015, Fehleroffset 0x000c9a20, Prozess-ID 0xd20, Anwendungsstartzeit 01cda2c5a597fe61. Error - 11.10.2012 03:29:46 | Computer Name = ***| Source = VSS | ID = 13 Description = Error - 11.10.2012 03:29:46 | Computer Name = ***| Source = VSS | ID = 8193 Description = Error - 11.10.2012 04:20:24 | Computer Name = ***| Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 04:21:03 | Computer Name = ***| Source = Service Control Manager | ID = 7026 Description = Error - 11.10.2012 05:24:10 | Computer Name = ***| Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker Dell Color Laser 1320c nicht unter dem Namen Dell Color Laser 1320c freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 11.10.2012 05:24:10 | Computer Name = ***| Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker Canon iR2270/iR2870 PS3 nicht unter dem Namen Canon iR2270iR2870 PS3 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7023 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7003 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7000 Description = Error - 11.10.2012 05:25:50 | Computer Name = ***| Source = Service Control Manager | ID = 7026 Description = < End of report > | Source = Service Control Manager | ID = 7026 Description = < End of report > Geändert von Baluba (11.10.2012 um 11:17 Uhr) Grund: Ergänzung OTL Files |
11.10.2012, 11:38 | #2 |
| System Progressive Protection 3.7.10 Hi,
__________________Fix für OTL:
Code:
ATTFilter :OTL O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O4 - HKLM..\Run: [] File not found [2012.05.15 09:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uxawo [2012.05.16 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ecysl @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F :reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = dword:0x00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = dword:0x00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = dword:0x00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = dword:0x00 "FirewallOverride" = dword:0x00 "cval" = dword:0x01 :Commands [emptytemp] [RESTHOSTS] [Reboot]
Cureit Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ |
Themen zu System Progressive Protection 3.7.10 |
administrator, anti-malware, appdata, auftrag, autostart, becker, canon, checkliste, datei, dateien, desktop, document, explorer, gelöscht, install.exe, löschen, malwarebytes, microsoft, pdfforge toolbar, plug-in, progressive, progressive protection, quarantäne, recycle.bin, roaming, rogue.systemprogressiveprotection, security, service, service pack 2, shell, software, speicher, system, trojaner, version, vista |