Pests of all kinds and how to fight them: IE problem with advertising | Windows 7 |
23.07.2010, 11:30 | #1 |
| IE problem with advertising Hello, I'm new, so please don't be angry if I'm in the wrong place. I searched the forum for a solution, but now I'm rather overwhelmed by the variety of answers and know even less what I should do. I have Windows Vista Ultimate (fully up to date), and since yesterday IE has been opening on its own, without me doing anything, with ads for all sorts of things and games; overnight I had more than 10 open windows. Since I'm fairly inexperienced with computers, and especially with things like this, I would be very grateful if someone could give me step-by-step instructions for dummies. Many thanks, Tom |
23.07.2010, 17:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE problem with advertising Hello and
please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop |
24.07.2010, 14:24 | #3 |
| IE problem with advertising Hello Arne,
I've done that now and have several files; I'll send them all and hope the sending works too :-) One more note here, perhaps: when I open IE, my configured start page comes up and then another window with advertising opens right away... grumble, quite apart from the pages that open all by themselves. It doesn't work as an attachment, it says it's too large, so I'll try it below the message. Regards and many thanks, Tom

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4341
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
24.07.2010 10:33:57
mbam-log-2010-07-24 (10-33-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308387
Laufzeit: 1 Stunde(n), 39 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\WinRAR\Keygen.exe (RiskWare.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Tom\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.

OTL Logfile:
Code:
C:\Windows\System32\xinput1_2.dll [2010.07.08 15:42:38 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2010.07.08 15:42:38 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2010.07.08 15:42:37 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2010.07.08 15:42:31 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2010.07.08 15:42:31 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2010.07.08 15:42:30 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2010.07.08 15:42:29 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2010.07.08 15:42:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2010.07.08 15:42:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2010.07.08 15:42:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2010.07.08 15:42:26 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2010.07.08 15:34:09 | 000,000,000 | -H-D | C] -- D:\msdownld.tmp [2010.07.08 15:34:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2010.07.08 09:06:41 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Scansoft [2010.07.07 08:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010.07.07 08:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.07.07 08:42:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Nuance [2010.07.07 08:38:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ScanSoft Shared [2010.07.07 08:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2010.07.07 08:38:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nuance [2010.07.07 08:38:53 | 000,000,000 | ---D | C] -- 
C:\Programme\Common Files\InstallShield [2010.07.07 08:38:41 | 000,000,000 | ---D | C] -- C:\Programme\Nuance [2010.07.07 08:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2010.07.03 10:01:31 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll [2010.07.03 09:59:54 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\acaptuser32.dll [2010.07.01 16:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Xobni [2010.06.30 11:11:31 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.06.30 11:11:31 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.06.30 10:33:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\OpenOffice.org [2010.06.29 18:45:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Picture It! 10 [2010.06.29 14:45:58 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3 [2010.06.29 14:43:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Banyuls Kiddis [2010.06.24 03:01:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.24 03:01:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.24 03:01:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 D:\*.tmp files -> D:\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 19:50:29 | 008,912,896 | ---- | M] () -- C:\Users\Tom\ntuser.dat [2010.07.23 19:37:51 | 000,000,010 | ---- | M] () -- C:\Windows\System32\stamp.dat [2010.07.23 19:18:00 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 19:17:27 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe [2010.07.23 19:16:12 | 000,574,976 | ---- | M] (OldTimer 
Tools) -- C:\Users\Tom\Desktop\OTL.exe [2010.07.23 18:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 18:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 17:24:32 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B460E9ED-B657-446E-955E-933B0260F9CC}.job [2010.07.23 11:14:14 | 000,002,074 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT [2010.07.22 18:19:30 | 000,000,020 | ---- | M] () -- C:\Windows\schmaili3.gif [2010.07.22 18:19:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.22 18:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.22 18:18:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.22 18:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.22 18:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TM.blf [2010.07.22 18:12:23 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2010.07.22 18:11:16 | 002,160,729 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db [2010.07.22 15:03:32 | 000,033,280 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.22 11:38:39 | 282,774,959 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.20 13:43:56 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Office-Drive Manager.lnk [2010.07.20 13:01:37 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\BCD Clubschau in Mühlberg.pdf [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\22.ClubschauMuehlberg.pdf [2010.07.13 13:12:17 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Dragon 
NaturallySpeaking 10.0.lnk [2010.07.10 10:50:29 | 000,001,138 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk [2010.07.10 10:40:31 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job [2010.07.10 10:40:31 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job [2010.07.10 10:40:31 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job [2010.07.08 16:21:17 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.07.02 23:09:33 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 16:23:22 | 000,000,898 | ---- | M] () -- C:\Users\Tom\Desktop\Trillian.lnk [2010.07.01 11:09:14 | 007,864,320 | ---- | M] () -- C:\Users\Tom\NTUSER.DAT_tureg_old [2010.07.01 11:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.01 11:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TM.blf [2010.06.30 11:11:30 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.06.30 11:11:30 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.06.30 10:14:40 | 003,992,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.29 18:47:29 | 000,143,648 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.29 18:47:06 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture It!-Bibliothek 10.lnk [2010.06.29 18:46:29 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture It! 
Foto Premium 10.lnk [2010.06.29 14:47:04 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.06.29 14:27:06 | 000,010,271 | ---- | M] () -- C:\Users\Tom\.recently-used.xbel [2010.06.28 15:18:39 | 001,470,894 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.28 15:18:39 | 000,632,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.28 15:18:39 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.28 15:18:39 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.28 15:18:39 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.25 09:03:42 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010.06.24 15:28:23 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTomHaupt.jpg [2010.06.24 15:28:11 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTom.jpg [2010.06.24 15:24:04 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\Lexware kassenbuch.lnk [2 C:\*.tmp files -> C:\*.tmp -> ] [1 D:\*.tmp files -> D:\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 19:18:00 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 12:37:49 | 000,000,010 | ---- | C] () -- C:\Windows\System32\stamp.dat [2010.07.22 18:12:23 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2010.07.20 13:43:55 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Office-Drive Manager.lnk [2010.07.20 11:43:29 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.20 09:33:00 | 000,014,517 | ---- | C] () -- D:\BCD Clubschau in Mühlberg.pdf [2010.07.20 09:33:00 | 000,014,517 | ---- | C] () -- D:\22.ClubschauMuehlberg.pdf [2010.07.10 10:50:29 | 000,001,138 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon 
NaturallySpeaking.lnk [2010.07.10 10:46:08 | 000,002,074 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT [2010.07.10 10:40:31 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job [2010.07.10 10:40:31 | 000,000,494 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job [2010.07.10 10:40:31 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job [2010.07.08 16:21:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.07.07 08:41:45 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk [2010.07.01 11:10:00 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 11:10:00 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.01 11:10:00 | 000,065,536 | -HS- | C] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TM.blf [2010.07.01 11:09:08 | 000,000,000 | -H-- | C] () -- C:\Users\Tom\NTUSER.DAT_tureg_new.LOG2 [2010.07.01 11:09:08 | 000,000,000 | -H-- | C] () -- C:\Users\Tom\NTUSER.DAT_tureg_new.LOG1 [2010.06.29 18:47:06 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Picture It!-Bibliothek 10.lnk [2010.06.29 18:46:29 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Picture It! 
Foto Premium 10.lnk [2010.06.29 14:47:04 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.06.29 14:27:06 | 000,010,271 | ---- | C] () -- C:\Users\Tom\.recently-used.xbel [2010.06.24 15:28:11 | 000,002,445 | ---- | C] () -- C:\Users\Tom\Desktop\GruberTom.jpg [2010.06.24 15:26:16 | 000,002,445 | ---- | C] () -- C:\Users\Tom\Desktop\GruberTomHaupt.jpg [2009.12.30 15:58:09 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.12.14 12:07:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.18 19:03:41 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.09.18 19:03:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.09.18 19:03:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009.09.18 19:03:36 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.09.18 19:03:36 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.09.18 19:03:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.09.18 19:03:34 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.09.13 12:02:38 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.09.05 16:09:21 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2009.09.03 18:00:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDEALCX11Euro.ini [2009.09.03 10:46:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.03 09:41:05 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2009.09.02 19:52:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.02.02 21:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.02.02 21:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.02.02 21:08:22 | 000,086,016 | ---- | C] () -- 
C:\Windows\System32\dntvm27VC8.dll [2009.02.02 20:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A24211BA < End of report > [2010.07.23 19:54:19 | 008,912,896 | ---- | M] () -- C:\Users\Tom\ntuser.dat [2010.07.23 19:54:18 | 000,262,144 | -H-- | M] () -- C:\Users\Tom\ntuser.dat.LOG1 [2010.07.23 19:54:08 | 000,000,000 | R--D | M] -- C:\Users\Tom\Desktop [2010.07.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Local\Temp [2010.07.23 19:37:51 | 000,000,010 | ---- | M] () -- C:\Windows\System32\stamp.dat [2010.07.23 19:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Malwarebytes [2010.07.23 19:18:11 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.23 19:18:00 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 19:17:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2010.07.23 19:17:27 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe [2010.07.23 19:16:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe [2010.07.23 17:24:32 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B460E9ED-B657-446E-955E-933B0260F9CC}.job [2010.07.23 11:14:14 | 000,002,074 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT [2010.07.23 08:52:52 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\DVDVideoSoft [2010.07.22 18:37:56 | 000,000,000 | ---D | M] -- C:\Programme\Oryte_Games_1.9 [2010.07.22 18:19:30 | 000,000,020 | ---- | M] () -- C:\Windows\schmaili3.gif [2010.07.22 18:19:30 | 
000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2010.07.22 18:19:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.22 18:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.22 18:18:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.22 18:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.22 18:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TM.blf [2010.07.22 18:12:23 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2010.07.22 18:11:16 | 002,160,729 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db [2010.07.22 17:24:48 | 000,000,000 | ---D | M] -- C:\Programme\IncrediMail [2010.07.22 15:03:32 | 000,033,280 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.22 14:45:12 | 000,000,000 | ---D | M] -- C:\Programme\AutocompletePro [2010.07.22 11:38:39 | 282,774,959 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.22 09:20:40 | 000,000,000 | ---D | M] -- C:\Programme\Trillian [2010.07.21 15:59:35 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoMail [2010.07.21 15:59:34 | 000,000,000 | ---D | M] -- C:\Programme\PhotoMail Maker [2010.07.20 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\1&1 [2010.07.20 13:43:56 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Office-Drive Manager.lnk [2010.07.20 13:43:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Local\1&1 [2010.07.20 13:43:56 | 000,000,000 | ---D | M] -- C:\ProgramData\1&1 [2010.07.20 13:43:45 | 000,000,000 | ---D | M] -- C:\Programme\1&1 [2010.07.20 13:01:37 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.20 11:43:27 | 000,000,000 | ---D | M] -- C:\Programme\iTunes [2010.07.20 11:42:41 | 000,000,000 | ---D | M] -- C:\Programme\iPod [2010.07.20 11:42:40 | 000,000,000 | ---D | 
M] -- C:\Programme\Common Files\Apple [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\BCD Clubschau in Mühlberg.pdf [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\22.ClubschauMuehlberg.pdf [2010.07.15 07:57:02 | 000,000,000 | R--D | M] -- C:\Users\Tom\Favorites [2010.07.14 15:29:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BOM [2010.07.14 14:50:17 | 000,000,000 | ---D | M] -- C:\Programme\Biet-O-Matic [2010.07.14 03:04:24 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2010.07.14 03:03:46 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\microsoft shared [2010.07.13 13:12:17 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk [2010.07.10 10:50:29 | 000,001,138 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk [2010.07.10 10:40:31 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job [2010.07.10 10:40:31 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job [2010.07.10 10:40:31 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job [2010.07.08 16:36:59 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2010.07.08 16:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2010.07.08 16:21:17 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.07.08 10:56:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Local\Apple Computer [2010.07.08 09:06:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Local\Scansoft [2010.07.07 08:43:44 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallShield [2010.07.07 08:42:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Nuance [2010.07.07 08:38:54 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\ScanSoft Shared [2010.07.07 08:38:54 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2010.07.07 08:38:53 | 000,000,000 | ---D 
| M] -- C:\Programme\Common Files\Nuance [2010.07.07 08:38:53 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\InstallShield [2010.07.07 08:38:41 | 000,000,000 | ---D | M] -- C:\Programme\Nuance [2010.07.07 08:38:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Nuance [2010.07.02 23:09:33 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 16:30:50 | 000,000,000 | ---D | M] -- C:\Programme\Xobni [2010.07.01 16:24:53 | 000,000,064 | ---- | M] () -- C:\Users\Tom\AppData\Local\xobni_installer_updater.log [2010.07.01 16:23:22 | 000,000,898 | ---- | M] () -- C:\Users\Tom\Desktop\Trillian.lnk [2010.07.01 11:09:14 | 007,864,320 | ---- | M] () -- C:\Users\Tom\NTUSER.DAT_tureg_old [2010.07.01 11:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.01 11:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TM.blf [2010.07.01 11:09:08 | 000,000,000 | -H-- | M] () -- C:\Users\Tom\NTUSER.DAT_tureg_new.LOG2 [2010.07.01 11:09:08 | 000,000,000 | -H-- | M] () -- C:\Users\Tom\NTUSER.DAT_tureg_new.LOG1 [2010.07.01 10:14:22 | 000,000,000 | --SD | M] -- C:\Users\Tom\AppData\Roaming\Microsoft [2010.06.30 11:11:30 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.06.30 11:11:30 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.06.30 11:11:30 | 000,000,000 | ---D | M] -- C:\Programme\TuneUp Utilities 2010 [2010.06.30 10:33:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenOffice.org [2010.06.30 10:14:40 | 003,992,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.29 18:47:29 | 000,143,648 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.29 18:47:06 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture 
It!-Bibliothek 10.lnk [2010.06.29 18:47:06 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Picture It! 10 [2010.06.29 18:46:29 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture It! Foto Premium 10.lnk [2010.06.29 14:47:04 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.06.29 14:46:22 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3 [2010.06.29 14:27:06 | 000,010,271 | ---- | M] () -- C:\Users\Tom\.recently-used.xbel [2010.06.29 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\gtk-2.0 [2010.06.28 15:18:39 | 001,470,894 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.28 15:18:39 | 000,632,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.28 15:18:39 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.28 15:18:39 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.28 15:18:39 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.28 15:16:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2010.06.25 09:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FileZilla [2010.06.25 09:03:42 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010.06.25 09:03:42 | 000,000,000 | ---D | M] -- C:\Programme\FileZilla FTP Client [2010.06.24 15:28:23 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTomHaupt.jpg [2010.06.24 15:28:11 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTom.jpg [2010.06.24 15:24:04 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\Lexware kassenbuch.lnk [2010.06.24 13:27:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Local\Microsoft [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 19:54:19 | 008,912,896 | ---- | M] () -- C:\Users\Tom\ntuser.dat [2010.07.23 19:37:51 | 000,000,010 | ---- | M] () -- C:\Windows\System32\stamp.dat [2010.07.23 
19:18:00 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 19:17:27 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe [2010.07.23 19:16:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe [2010.07.23 18:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 18:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 17:24:32 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B460E9ED-B657-446E-955E-933B0260F9CC}.job [2010.07.23 11:14:14 | 000,002,074 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT [2010.07.22 18:19:30 | 000,000,020 | ---- | M] () -- C:\Windows\schmaili3.gif [2010.07.22 18:19:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.22 18:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.22 18:18:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.22 18:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.22 18:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TM.blf [2010.07.22 18:12:23 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2010.07.22 18:11:16 | 002,160,729 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db [2010.07.22 15:03:32 | 000,033,280 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.22 11:38:39 | 282,774,959 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.20 13:43:56 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Office-Drive Manager.lnk [2010.07.20 13:01:37 | 000,002,413 | ---- | M] () -- 
C:\Users\Public\Desktop\iTunes.lnk [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\BCD Clubschau in Mühlberg.pdf [2010.07.20 09:33:00 | 000,014,517 | ---- | M] () -- D:\22.ClubschauMuehlberg.pdf [2010.07.13 13:12:17 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk [2010.07.10 10:50:29 | 000,001,138 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk [2010.07.10 10:40:31 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job [2010.07.10 10:40:31 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job [2010.07.10 10:40:31 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job [2010.07.08 16:21:17 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.07.02 23:09:33 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{da8bc8a2-84ef-11df-90fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 16:23:22 | 000,000,898 | ---- | M] () -- C:\Users\Tom\Desktop\Trillian.lnk [2010.07.01 11:09:14 | 007,864,320 | ---- | M] () -- C:\Users\Tom\NTUSER.DAT_tureg_old [2010.07.01 11:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.07.01 11:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\ntuser.dat{81be8b84-25fa-11df-869a-806e6f6e6963}.TM.blf [2010.06.30 11:11:30 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.06.30 11:11:30 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.06.30 10:14:40 | 003,992,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.29 18:47:29 | 000,143,648 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.29 18:47:06 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture 
It!-Bibliothek 10.lnk [2010.06.29 18:46:29 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Picture It! Foto Premium 10.lnk [2010.06.29 14:47:04 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.06.29 14:27:06 | 000,010,271 | ---- | M] () -- C:\Users\Tom\.recently-used.xbel [2010.06.28 15:18:39 | 001,470,894 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.28 15:18:39 | 000,632,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.28 15:18:39 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.28 15:18:39 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.28 15:18:39 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.25 09:03:42 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010.06.24 15:28:23 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTomHaupt.jpg [2010.06.24 15:28:11 | 000,002,445 | ---- | M] () -- C:\Users\Tom\Desktop\GruberTom.jpg [2010.06.24 15:24:04 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\Lexware kassenbuch.lnk [2 C:\*.tmp files -> C:\*.tmp -> ] [1 D:\*.tmp files -> D:\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A24211BA < End of report > OTL Logfile: Code:
|
24.07.2010, 14:26 | #4 |
| IE problem with advertising And here is the rest, hopefully this is right? |
26.07.2010, 14:46 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE problem with advertising Quote:
For you, it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software not infrequently also contains keyloggers and backdoor functions. After that, never touch anything like that again!
__________________ Please always post logfiles in CODE tags |