|
Log analysis and evaluation: Problems after virus scan with Malwarebytes
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
26.04.2011, 13:10 | #1 |
| Problems after virus scan with Malwarebytes
Hello everyone,
Yesterday my system told me that my hard drive was in a critical state (unfortunately I no longer remember the exact error message). Suddenly I could no longer see my desktop background and the files there. My two drives had also disappeared.
After some googling I came across your forum and followed the guide for removing the pest via "Malwarebytes-Anti Malware". Many thanks for the great guide!!!
However, I wanted to make sure that everything really is in order again and ask you to take a look at the log files I created today after deleting the malware.
I also have a few problems:
- the folders and files that I could not see after the infection now appear only faded and are apparently still "invisible". I would like to see them "normally" again.
- my Quick Launch bar is no longer there. What do I need to do here?
= basically I just want to be back where I was before the infection
Many thanks for your answers and your help! Thanks for your efforts!
Best regards,
Last edited by Flitzer8 (26.04.2011 at 13:20) |
27.04.2011, 20:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the "Logdateien" (log files) tab. |
27.04.2011, 20:51 | #3 |
| Problems after virus scan with Malwarebytes
Here are the remaining two:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

26.04.2011 13:05:43
mbam-log-2011-04-26 (13-05-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177028
Laufzeit: 4 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnTUynXQPRYn (Trojan.FakeAlert) -> Value: lnTUynXQPRYn -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lntuynxqpryn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\jar_cache824831397000996081.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\tmp6411.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\tmp6412.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

26.04.2011 13:16:36
mbam-log-2011-04-26 (13-16-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176890
Laufzeit: 6 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
28.04.2011, 09:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older scans with Malwarebytes exist, please post all of those as well!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
28.04.2011, 17:56 | #5 |
| Problems after virus scan with Malwarebytes
Hello,
Many thanks for now! Here are the log files... (Hope it is not a problem if I post them like this.)
OTL Logfile: Code:
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 18:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 18:23:55 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys [2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.30 20:50:40 | 000,001,076 | ---- | M] () -- C:\Users\Simon\Desktop\DVDVideoSoft Free Studio.lnk [2011.03.30 20:50:23 | 000,001,235 | ---- | M] () -- C:\Users\Simon\Desktop\Free YouTube to MP3 Converter.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:06 | 001,298,927 | ---- | C] 
() -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi [2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011.04.18 20:15:03 | 000,975,872 | 
---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- 
C:\Windows\SysNative\jsproxy.dll [2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat [2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI [2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini [2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini [2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll [2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll [1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL [1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll < End of report >

and number 2:
OTL Logfile:
Code:
OTL Extras logfile created on: 28.04.2011 18:45:40 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg
Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system | "{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system | "{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system | "{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system | "{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system | "{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system | "{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | 
app=system | "{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system | "{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system | "{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system | "{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system | "{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files 
(x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP 
Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" 
= protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS2009" = Norton Internet Security 2009 "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "WinRAR archiver" = WinRAR "Works9se" = Microsoft Works 9.0 SE "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management 
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition "ArcGIS Tutorial Data" = ArcGIS Tutorial Data "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EasyBits Magic Desktop" = EasyBits Magic Desktop "ENTERPRISE" = Microsoft Office 
Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.57 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "numpy-py2.5" = Python 2.5 numpy-1.0.3 "Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3 "Python 2.5.1" = Python 2.5.1 "SopCast" = SopCast 3.2.9 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.03.2011 12:06:00 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.03.2011 12:07:29 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 27.03.2011 15:25:46 | Computer Name = Simon-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung plugin-container.exe, Version 2.0.0.4094, Zeitstempel 0x4d83749c, fehlerhaftes Modul NPSWF32.dll, Version 10.1.102.64, Zeitstempel 0x4cc0fe23, Ausnahmecode 0xc0000005, Fehleroffset 0x000cb46c, Prozess-ID 0xd78, Anwendungsstartzeit 01cbecaebc3332f5. 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 28.03.2011 05:17:57 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 28.03.2011 15:30:33 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002 Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ea0 Anfangszeit: 01cbed6adf399400 Zeitpunkt der Beendigung: 113 Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322 seconds with 240 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 26.04.2011 06:16:26 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 06:17:56 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2011 07:08:22 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 07:09:51 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
28.04.2011, 17:57 | #6 |
| Problems after virus scan with Malwarebytes Hello, Thanks a lot for now! Here are the log files... (I hope it's not a problem if I post them like this.) OTL Logfile: Code:
OTL logfile created on: 28.04.2011 18:45:40 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe () PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - 
(HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe () SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys () DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys () DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys () DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys () DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys () DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys () DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek) DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M] [2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions [2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions [2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com [2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com [2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com [2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml [2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml [2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml [2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml [2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml [2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- 
C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml [2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml [2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml [2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml [2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml [2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml [2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll () O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [WMPNSCFG] File not found O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS) O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes [2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- 
C:\Windows\SysWow64\atmlib.dll [2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss [2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox [2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2011.04.28 18:38:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 18:31:32 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.28 18:31:32 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.28 18:31:32 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.28 18:31:32 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.28 18:31:31 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.28 18:24:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2011.04.28 18:24:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 18:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 18:23:55 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys [2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.30 20:50:40 | 000,001,076 | ---- | M] () -- C:\Users\Simon\Desktop\DVDVideoSoft Free Studio.lnk [2011.03.30 20:50:23 | 000,001,235 | ---- | M] () -- C:\Users\Simon\Desktop\Free YouTube to MP3 Converter.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:06 | 001,298,927 | ---- | C] 
() -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi [2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011.04.18 20:15:03 | 000,975,872 | 
---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- 
C:\Windows\SysNative\jsproxy.dll [2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat [2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI [2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini [2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini [2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll [2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll [1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL [1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll < End of report >
and number 2: OTL Logfile: Code:
OTL Extras logfile created on: 28.04.2011 18:45:40 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg 
Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system | "{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system | "{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system | "{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system | "{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system | "{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system | "{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | 
app=system | "{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system | "{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system | "{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system | "{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system | "{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files 
(x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP 
Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" 
= protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS2009" = Norton Internet Security 2009 "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "WinRAR archiver" = WinRAR "Works9se" = Microsoft Works 9.0 SE "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management 
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition "ArcGIS Tutorial Data" = ArcGIS Tutorial Data "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EasyBits Magic Desktop" = EasyBits Magic Desktop "ENTERPRISE" = Microsoft Office 
Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.57 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "numpy-py2.5" = Python 2.5 numpy-1.0.3 "Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3 "Python 2.5.1" = Python 2.5.1 "SopCast" = SopCast 3.2.9 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.03.2011 12:06:00 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.03.2011 12:07:29 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 27.03.2011 15:25:46 | Computer Name = Simon-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung plugin-container.exe, Version 2.0.0.4094, Zeitstempel 0x4d83749c, fehlerhaftes Modul NPSWF32.dll, Version 10.1.102.64, Zeitstempel 0x4cc0fe23, Ausnahmecode 0xc0000005, Fehleroffset 0x000cb46c, Prozess-ID 0xd78, Anwendungsstartzeit 01cbecaebc3332f5. 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 28.03.2011 05:17:57 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 28.03.2011 15:30:33 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002 Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ea0 Anfangszeit: 01cbed6adf399400 Zeitpunkt der Beendigung: 113 Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322 seconds with 240 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 26.04.2011 06:16:26 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 06:17:56 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2011 07:08:22 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 07:09:51 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
28.04.2011, 19:05 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes I wanted to see the full scan with MBAM first...
__________________ Please always post log files in CODE tags |
28.04.2011, 22:37 | #8 |
| Problems after virus scan with Malwarebytes Here is the full scan...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6447
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

28.04.2011 23:33:10
mbam-log-2011-04-28 (23-33-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|M:\|)
Durchsuchte Objekte: 392664
Laufzeit: 1 Stunde(n), 16 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
29.04.2011, 10:33 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes Quote:
__________________ Please always post log files in CODE tags |
29.04.2011, 23:26 | #10 |
| Problems after virus scan with Malwarebytes OK, all done. Here are the OTL logs: OTL Logfile: Code:
OTL logfile created on: 30.04.2011 00:06:17 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe () PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) 
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)

========== Modules (SafeList) ==========
MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)

========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys ()
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys ()
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys ()
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M]
[2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions
[2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com
[2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com
[2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com
[2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml
[2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml
[2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml
[2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml
[2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml
[2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml
[2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml
[2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml
[2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml
[2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss
[2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox
[2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.04.29 23:38:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 22:51:05 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.29 22:51:05 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.29 22:51:05 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.29 22:51:05 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.29 22:51:05 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.29 22:45:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.29 22:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 22:44:47 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

OTL Extras logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system | "{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system | "{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system | "{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system | "{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system | "{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system | "{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | 
app=system | "{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system | "{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system | "{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system | "{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system | "{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files 
(x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP 
Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" 
= protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS2009" = Norton Internet Security 2009 "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "WinRAR archiver" = WinRAR "Works9se" = Microsoft Works 9.0 SE "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management 
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition "ArcGIS Tutorial Data" = ArcGIS Tutorial Data "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EasyBits Magic Desktop" = EasyBits Magic Desktop "ENTERPRISE" = Microsoft Office 
Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.57 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "numpy-py2.5" = Python 2.5 numpy-1.0.3 "Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3 "Python 2.5.1" = Python 2.5.1 "SopCast" = SopCast 3.2.9 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2011 14:22:21 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002 Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1294 Anfangszeit: 01cbef0569eb5280 Zeitpunkt der Beendigung: 65 Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.03.2011 12:23:02 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.04.2011 13:57:38 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322 seconds with 240 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.04.2011 16:09:04 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 29.04.2011 16:10:14 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.04.2011 16:44:52 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 29.04.2011 16:46:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
29.04.2011, 23:26 | #11 |
| Problems after virus scan with Malwarebytes So, all done. Here are the OTL logs: OTL Logfile: Code:
OTL logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe () SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys () DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys () DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys () DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys () DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek) DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK 
SEMICONDUCTOR Corp.) DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M] [2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions [2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions [2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com [2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com [2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com [2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml [2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml [2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml [2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml [2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml [2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- 
C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml [2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml [2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml [2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml [2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml [2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml [2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll () O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [WMPNSCFG] File not found O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - 
C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS) O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes [2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\iesysprep.dll [2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss [2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox [2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Dropbox [2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.29 23:38:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.29 22:51:05 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.29 22:51:05 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.29 22:51:05 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.29 22:51:05 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.29 22:51:05 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.29 22:45:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 22:44:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2011.04.29 22:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.29 22:44:47 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys [2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg [2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg [2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll [2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf [2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011.04.18 20:15:23 | 000,817,664 | 
---- | C] () -- C:\Windows\SysNative\jscript.dll [2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi [2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2011.04.18 20:14:34 | 
000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll [2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.11 22:41:59 | 000,676,867 | ---- | 
C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf [2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png [2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk [2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat [2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI [2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini [2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini [2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

OTL Extras logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system | "{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system | "{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system | "{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system | "{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system | "{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system | "{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | 
app=system | "{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system | "{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system | "{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system | "{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system | "{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe | "TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files 
(x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe | "TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP 
Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe | "UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe | "UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" 
= protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS2009" = Norton Internet Security 2009 "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "WinRAR archiver" = WinRAR "Works9se" = Microsoft Works 9.0 SE "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management 
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition "ArcGIS Tutorial Data" = ArcGIS Tutorial Data "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EasyBits Magic Desktop" = EasyBits Magic Desktop "ENTERPRISE" = Microsoft Office 
Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.57 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "numpy-py2.5" = Python 2.5 numpy-1.0.3 "Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3 "Python 2.5.1" = Python 2.5.1 "SopCast" = SopCast 3.2.9 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 30.03.2011 14:22:21 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002 Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1294 Anfangszeit: 01cbef0569eb5280 Zeitpunkt der Beendigung: 65 Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.03.2011 12:23:02 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.04.2011 13:57:38 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322 seconds with 240 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.04.2011 16:09:04 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 29.04.2011 16:10:14 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.04.2011 16:44:52 | Computer Name = Simon-PC | Source = HTTP | ID = 15016 Description = Error - 29.04.2011 16:46:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
30.04.2011, 02:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
[2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
30.04.2011, 10:13 | #13 |
| Problems after virus scan with Malwarebytes
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
File move failed. C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
File C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File Sicherheit\tbZone.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
File C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
File C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found.
File Sicherheit\tbZone.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
File I:\pushinst.exe not found.
C:\Windows\Internet Logs folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Simon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4115627302 bytes
->Java cache emptied: 75361247 bytes
->FireFox cache emptied: 381403269 bytes
->Google Chrome cache emptied: 6352857 bytes
->Flash cache emptied: 892708 bytes
%systemdrive% .tmp files removed: 69206016 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186848173 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.612,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_105633
Files\Folders moved on Reboot...
File move failed. C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNOUKLYE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGXFMWD5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI89H5H2\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEA2YJWE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18C7JC2Q\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
01.05.2011, 13:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
If the infection prevents you from accessing your documents/My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
01.05.2011, 20:51 | #15 |
| Problems after virus scan with Malwarebytes
2011/05/01 21:45:35.0369 4940 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/05/01 21:45:35.0647 4940 ================================================================================ 2011/05/01 21:45:35.0647 4940 SystemInfo: 2011/05/01 21:45:35.0647 4940 2011/05/01 21:45:35.0647 4940 OS Version: 6.0.6001 ServicePack: 1.0 2011/05/01 21:45:35.0647 4940 Product type: Workstation 2011/05/01 21:45:35.0647 4940 ComputerName: SIMON-PC 2011/05/01 21:45:35.0647 4940 UserName: Simon 2011/05/01 21:45:35.0647 4940 Windows directory: C:\Windows 2011/05/01 21:45:35.0648 4940 System windows directory: C:\Windows 2011/05/01 21:45:35.0648 4940 Running under WOW64 2011/05/01 21:45:35.0648 4940 Processor architecture: Intel x64 2011/05/01 21:45:35.0648 4940 Number of processors: 4 2011/05/01 21:45:35.0648 4940 Page size: 0x1000 2011/05/01 21:45:35.0648 4940 Boot type: Normal boot 2011/05/01 21:45:35.0648 4940 ================================================================================ 2011/05/01 21:45:36.0672 4940 Initialize success 2011/05/01 21:45:37.0872 4204 ================================================================================ 2011/05/01 21:45:37.0872 4204 Scan started 2011/05/01 21:45:37.0872 4204 Mode: Manual; 2011/05/01 21:45:37.0872 4204 ================================================================================ 2011/05/01 21:45:38.0594 4204 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys 2011/05/01 21:45:38.0647 4204 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 2011/05/01 21:45:38.0701 4204 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 2011/05/01 21:45:38.0730 4204 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 2011/05/01 21:45:38.0761 4204 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 2011/05/01 21:45:38.0831 4204 AFD
2011/05/01 21:45:49.0126 4204 Scan finished |