Log analysis and evaluation: Malware? Spying on email passwords

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Malware? Spying on email passwords

Hello everyone,

After a reinstallation because of an "antivirus" malware program, I recently noticed that masses of spam mails had been sent via several email addresses that I had set up in Windows Mail. I have now received a letter from my email provider saying that they noticed the mass mailing and have blocked outgoing mail for the time being. Quote:

> The examination of the spam mails sent via this email account has shown that they were submitted from IP addresses of other providers. This means that your passwords have almost certainly been compromised.

After changing the passwords, things are quiet for the moment. This concerns a total of 4 different email addresses at two different providers, so the suspicion is that the passwords were spied out by a malicious program. Attached are the logs from the instructions.

Many thanks in advance!

OTL
Code:
ATTFilter OTL logfile created on: 26.04.2013 21:33:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free 7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32 Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe PRC - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.28 00:09:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011.03.14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., 
Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.06 10:16:34 | 000,048,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\celmkt_x64.sys -- (celmkt) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE:64bit: - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE - HKCU\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube 
= C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FDD47-75AB-4987-8034-237DAF5F86B5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell - "" = AutoRun O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell - "" = AutoRun O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.26 21:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe [2013.04.16 08:07:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Fotos Projektantrag [2013.04.09 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibungen [2013.04.06 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\hpqlog [2013.03.28 18:51:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ElevatedDiagnostics [2013.03.28 18:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Hewlett-Packard [2013.03.28 16:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2013.03.28 16:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner [2013.03.28 16:42:29 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.03.28 16:42:29 | 000,421,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys [2013.03.28 16:42:29 | 000,222,464 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.03.28 16:42:29 | 000,212,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.03.28 16:42:29 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.03.28 16:42:29 | 000,098,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.03.28 16:42:29 | 000,086,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.03.28 16:42:29 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.03.28 16:42:29 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.03.28 16:42:29 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.03.28 16:42:29 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys [2013.03.28 16:42:29 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.03.28 16:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner [2013.03.28 16:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2013.03.28 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\PsyPrax [2013.03.28 15:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PSYPRCFG [2013.03.28 15:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psyprax32 [2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Psyprax32 [2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Psyprax32 [2013.03.28 14:47:31 | 000,000,000 | ---D | C] -- C:\adebisKITA [2013.03.28 14:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.03.28 14:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual FoxPro OLE DB Provider [2013.03.28 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.28 13:47:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.28 13:45:02 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.03.28 13:44:45 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.03.28 08:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2013.03.28 03:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.28 01:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbvirtcom182pnp-1 [2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- 
C:\Users\Susanne\Documents\usbvirtcom182pnp[1] [2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp-2 [2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp[1] [2013.03.28 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Singe-we-Godi [2013.03.28 01:46:11 | 000,000,000 | --SD | C] -- C:\Users\Susanne\Documents\Meine Datenquellen [2013.03.28 01:46:11 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents\My Stationery [2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Praxis [2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Noten Kinder [2013.03.28 01:45:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\**Zensiert** [2013.03.28 01:45:40 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Deutsche Post AG [2013.03.28 01:45:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\CyberLink [2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Broschüre [2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Ausbildungs-Studienplatzanträge [2013.03.28 01:45:31 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\apemap [2013.03.28 01:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.03.28 01:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.28 01:39:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Erdgeschoß [2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.28 01:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.03.28 01:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.03.28 01:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2013.03.28 01:36:14 | 000,000,000 | ---D | 
C] -- C:\Users\Susanne\AppData\Local\Microsoft Help [2013.03.28 01:35:58 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.03.28 01:25:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.28 01:25:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Adobe [2013.03.28 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series [2013.03.28 01:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.03.28 01:22:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2013.03.28 01:22:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.28 01:22:15 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.03.28 01:21:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.03.28 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\vlc [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\WinRAR [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.28 01:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.03.28 01:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.28 01:14:19 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\VideoLAN [2013.03.28 01:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.28 01:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.28 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Google [2013.03.28 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Skype [2013.03.28 01:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Deployment [2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Apps [2013.03.28 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\CyberLink [2013.03.28 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\CyberLink [2013.03.28 00:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2013.03.28 00:17:39 | 000,041,024 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys [2013.03.28 00:17:15 | 000,019,008 | ---- | C] (T-Systems Enterprise Services GmbH) -- C:\Windows\SysNative\drivers\dslmnlwf.sys [2013.03.28 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Avira [2013.03.28 00:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.28 00:10:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 00:10:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 00:10:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.27 23:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.27 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Macromedia [2013.03.27 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Adobe [2013.03.27 23:39:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\HpUpdate [2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\ATI [2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ATI [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Searches [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.27 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Identities [2013.03.27 23:31:13 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Contacts [2013.03.27 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\VirtualStore [2013.03.27 23:30:42 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Hewlett-Packard [2013.03.27 23:28:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Hewlett-Packard [2013.03.27 23:27:15 | 000,000,000 | --SD | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Videos [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Saved Games [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Pictures [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Music [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- 
C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Links [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Favorites [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Downloads [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Desktop [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Vorlagen [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Verlauf [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Temporary Internet Files [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Startmenü [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\SendTo [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Recent [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Netzwerkumgebung [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Lokale Einstellungen [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Videos [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Musik [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Eigene Dateien [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Bilder [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Druckumgebung [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Cookies [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Anwendungsdaten [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Anwendungsdaten [2013.03.27 23:27:15 | 000,000,000 | -H-D | C] 
-- C:\Users\Susanne\AppData [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Temp [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Microsoft [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Media Center Programs [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.27 23:23:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe [2013.04.26 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\Susanne\defogger_reenable [2013.04.26 21:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 20:16:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2013.04.26 20:15:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 20:14:43 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.23 11:41:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 11:41:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 11:41:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 11:41:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 11:41:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.19 12:00:52 | 002,846,090 | ---- | M] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | M] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 11:56:59 | 008,141,664 | ---- | M] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.17 09:16:55 | 000,323,879 | ---- | M] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf [2013.04.11 03:20:57 | 000,389,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 19:39:51 | 000,279,832 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2013.03.28 18:49:58 | 000,255,624 | ---- | M] () -- C:\Windows\hpdj3600.his [2013.03.28 18:49:58 | 000,009,251 | ---- | M] () -- C:\Windows\hpdj3600.ini [2013.03.28 16:46:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.03.28 16:45:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.03.28 16:43:10 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.03.28 16:42:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.03.28 16:42:10 | 
001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.03.28 16:42:10 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys [2013.03.28 16:42:10 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.03.28 16:42:10 | 000,069,632 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.03.28 16:42:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.03.28 16:42:10 | 000,022,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys [2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.03.28 16:10:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.28 16:10:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.27 23:34:40 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2013.04.26 21:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Susanne\defogger_reenable [2013.04.19 12:00:52 | 002,846,090 | ---- | C] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | C] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 09:16:54 | 000,323,879 | ---- | C] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf [2013.04.13 07:38:15 | 008,141,664 | ---- | C] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.10 19:39:51 | 000,279,832 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2013.03.28 18:45:22 | 000,255,624 | ---- | C] () -- C:\Windows\hpdj3600.his [2013.03.28 18:45:22 | 000,009,251 | ---- | C] () -- C:\Windows\hpdj3600.ini [2013.03.28 18:31:24 | 000,048,488 | ---- | C] () -- C:\Windows\SysNative\drivers\celmkt_x64.sys [2013.03.28 16:46:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.03.28 16:45:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.03.28 16:43:10 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.03.28 16:42:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.03.28 16:10:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.28 16:10:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf 
[2013.03.28 14:47:37 | 000,001,720 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adebisKITA.lnk [2013.03.28 13:45:49 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.03.28 13:44:31 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.03.28 13:44:12 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2013.03.28 04:14:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.28 03:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.28 03:02:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.28 01:47:07 | 000,010,631 | ---- | C] () -- C:\Users\Susanne\**Zensiert**.pfx [2013.03.28 01:46:19 | 006,204,630 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtslieder.pdf [2013.03.28 01:46:19 | 000,783,638 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtsbrief2010 e-mail.pdf [2013.03.28 01:46:18 | 003,720,192 | ---- | C] () -- C:\Users\Susanne\Documents\Tiere, Natur.pps [2013.03.28 01:46:17 | 000,186,613 | ---- | C] () -- C:\Users\Susanne\Documents\Ratgeber_Gruene_Elektronik_18_Zusammenfassung_deutsch.pdf [2013.03.28 01:46:17 | 000,182,610 | ---- | C] () -- C:\Users\Susanne\Documents\Rundbrief-1.pdf [2013.03.28 01:46:11 | 000,093,084 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf [2013.03.28 01:45:40 | 003,755,299 | ---- | C] () -- C:\Users\Susanne\Documents\Helden_auf_Bewährung.pdf [2013.03.28 01:45:40 | 000,635,056 | ---- | C] () -- C:\Users\Susanne\Documents\Gestörte Schaltkreise, Spektrum der Wissenschaft, Mai 2011.pdf [2013.03.28 01:45:40 | 000,383,394 | ---- | C] () -- 
C:\Users\Susanne\Documents\Geburtstagseinladung Susanne.pdf [2013.03.28 01:45:40 | 000,146,087 | ---- | C] () -- C:\Users\Susanne\Documents\Jahresbericht 2011 Internet.pdf [2013.03.28 01:45:40 | 000,113,040 | ---- | C] () -- C:\Users\Susanne\Documents\JHV2012.pdf [2013.03.28 01:45:37 | 000,045,584 | ---- | C] () -- C:\Users\Susanne\Documents\Delphine_Stresstest.pdf [2013.03.28 01:45:36 | 002,003,968 | ---- | C] () -- C:\Users\Susanne\Documents\Aufmunterung.pps [2013.03.28 01:45:31 | 000,177,956 | ---- | C] () -- C:\Users\Susanne\Documents\Adressen_und_ Geburtstage_2013-Stand_Januar.pdf [2013.03.28 01:45:31 | 000,024,625 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf [2013.03.28 01:39:19 | 000,001,436 | ---- | C] () -- C:\Users\Susanne\Desktop\Kobi.lnk [2013.03.28 01:39:19 | 000,001,362 | ---- | C] () -- C:\Users\Susanne\Desktop\Praxis.lnk [2013.03.28 01:39:17 | 000,001,233 | ---- | C] () -- C:\Users\Susanne\Desktop\Eigene Dokumente.lnk [2013.03.28 01:23:24 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL [2013.03.28 01:11:57 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.28 01:11:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.27 23:31:24 | 000,001,405 | ---- | C] () -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.27 23:28:36 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [2013.03.27 23:28:36 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk [2013.03.27 23:22:55 | 3112,587,264 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.28 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\PsyPrax ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 26.04.2013 21:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized 
Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E13646-031C-4D63-8E2C-519FBC33306B}" = rport=138 | protocol=17 | dir=out | app=system | "{04252F46-FE52-4788-BEB8-14AB86D42AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{101B128E-90A8-4903-8DC7-79EE187CF730}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{317D60CE-391D-4C00-8EB2-9B618EC89804}" = rport=139 | protocol=6 | dir=out | app=system | "{31BE142A-4638-4761-AA49-78553D4FF2FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{38B5FBEB-8B4E-41F8-AEBD-E9141835109D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A9EC5FA-F2A2-4F33-A6D9-CF8A0361B14F}" = lport=139 | protocol=6 | dir=in | app=system | "{47C09A6D-DBD6-4774-933F-C5A0ABFC333B}" = lport=137 | protocol=17 | dir=in | app=system | "{570AF88F-5B35-4017-B21B-14BD983B7621}" = rport=445 | protocol=6 | dir=out | app=system | "{59861AAD-C033-4B8A-8661-52D0F1B790BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DB434BF-4D65-4D5D-BB8A-580E54B415B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6472F28A-42F9-4051-BAF3-2AD6C9A75BF2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76D496F1-1DE2-4299-B2C6-5CD9B2827AEA}" = rport=10243 | protocol=6 | dir=out | app=system | "{9F571AC9-29D4-4E1A-AC8A-3B6FA6ADDB55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A84D54A0-00D7-4513-8C5A-BB7956D1A0DD}" = lport=138 | protocol=17 | dir=in | app=system | "{B928F0A8-4AED-44D0-ABBD-DA63028FA1A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe |
"{BD5BC235-8C84-40FD-AF6E-E485AFAC3D47}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD8DC53F-669F-4F51-AF2C-783544C0ED22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7299E4F-5FB5-4DD0-9A19-FA23A2261D2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE94DA1A-5CF8-4DB0-B2AA-856EE85472F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF252669-F899-42A3-8663-69AFC4C4897F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F33438B2-3EAA-4109-A12D-0AB86A9469C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5639180-A5A5-42A3-96A3-0F8F727250EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDD2F485-64DA-425D-9175-DD0D8394AA1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AADA7F3-2885-4ECA-BEC2-254985BB6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{368AAFC2-B438-46E4-B759-99D59F0339BA}" = protocol=6 | dir=out | app=system |
"{3FD9CC3B-87D4-4B85-BEE6-9BE2AEFB175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56A29773-AA47-41B9-82C9-7C124702DFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{584601BA-9DFB-44B6-A568-E784B874FF63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A0AF75F-36B4-43B8-927E-DF981CB92A83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5D30B85A-D69A-430B-9EDD-6218AABF75C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69F57D4E-89E7-4191-89E6-76701B961BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6BBE4CAF-3792-4555-AE85-F17029E61731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C433974-967C-4044-B2D1-4842C60660FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70C50F4C-78BC-41A7-9173-64517195C2CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713EF3A1-F0FA-411F-B44C-18DB0E58E62D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77361F11-48B6-414D-823B-A63C6043F1D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F0E0F82-2C6C-4B89-A2FD-4DCA093B8817}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4E6C821-87CE-4CAE-B407-E418F06F4BF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8D4DA27-3FC2-4B9A-96AE-C86712984FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE39440-4513-4105-9EE3-6141F234335A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4E0B5BC-0C52-496E-B1D9-DDF2AA37585C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C7AD2E47-7FB5-49AA-ACD2-B48CC0F02CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD7A6CDA-EDB8-496B-8166-8DB274889FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1F42F7A-FA17-4481-8F38-8E14BBD6BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F58A85A4-75FA-4F36-AC9E-A9FC1F35C8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19E2CC1A-981D-49FD-B42A-143DC96D40C8}" = adebisKITA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1" = Psyprax
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"hp print screen utility" = hp print screen utility
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mobile Partner" = Mobile Partner
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"VLC media player" = VLC media player 2.0.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.03.2013 14:12:19 | Computer Name = Susanne | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpdj.exe, Version: 2.236.4.0, Zeitstempel: 0x3f52e9d3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x6e4 Startzeit der fehlerhaften Anwendung: 0x01ce2bdfb7b85a13 Pfad der fehlerhaften Anwendung: C:\Users\Susanne\AppData\Local\Temp\hpdj.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0716bf9d-97d3-11e2-b3b0-c80aa945a4b0

Error - 30.03.2013 09:53:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 31.03.2013 11:50:47 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 05.04.2013 15:19:58 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 06.04.2013 07:04:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 07.04.2013 06:10:08 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.04.2013 11:31:59 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 09.04.2013 09:18:06 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 10.04.2013 08:30:21 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 10.04.2013 21:51:49 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

[ System Events ]
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1069

Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dhcp" konnte sich nicht als "NT Authority\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DHCP-Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1069

Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 28.03.2013 10:43:03 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "HWDeviceService64.exe" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 28.03.2013 12:49:49 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "hpdj" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

< End of report >

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 21:55:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Susanne\AppData\Local\Temp\axddypow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fe1465 2 bytes [FE, 76]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fe14bb 2 bytes [FE, 76]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829 0x0B 0xF8 0xC3 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829 0x0B 0xF8 0xC3 0x0C ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Edited by jojoho (26.04.2013 at 21:54)