So, I've now worked my way through from step 1 to step 9...
Here are my results:
Re 2.
The result after the fix with OTL:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Folder C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com\ not found.
C:\Programme\Mozilla Firefox\components\Scriptff.dll moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File c:\progra~1\mcafee\msc\npmcsn~1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ========== < ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Leila\Desktop\cmd.bat deleted successfully.
C:\Users\Leila\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Leila
->Temp folder emptied: 426814678 bytes
->Temporary Internet Files folder emptied: 26247160 bytes
->Java cache emptied: 110427 bytes
->FireFox cache emptied: 95882283 bytes
->Google Chrome cache emptied: 335204230 bytes
->Flash cache emptied: 76151 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 543569456 bytes
RecycleBin emptied: 2164 bytes
Total Files Cleaned = 1.362,00 mb
OTL by OldTimer - Version 3.2.70.2 log created on 10042012_155618
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
Re 7.
The ESET log:
Code:
F:\$RECYCLE.BIN\S-1-5-21-1053554210-2968338467-1938491687-1000\$RWDKD1F.inf Win32/Bflient.K worm cleaned by deleting - quarantined
F:\NAPULJ\sicilija.exe a variant of Win32/Bflient.M worm cleaned by deleting - quarantined
F:\OLJA\karlewsa.exe a variant of Win32/Bflient.P worm cleaned by deleting - quarantined
G:\OLJA\karlewsa.exe a variant of Win32/Bflient.P worm cleaned by deleting - quarantined
Re 8.
The OTL.txt:
Code:
OTL logfile created on: 04.10.2012 21:35:24 - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free
3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
PRC - [2012.08.08 22:39:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 08:54:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.04 00:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
PRC - [2010.10.20 20:06:44 | 001,381,728 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2010.10.18 22:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Dell\duo Stage\duoStage.exe
PRC - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 22:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe
PRC - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010.07.30 21:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe
PRC - [2010.07.30 21:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe
PRC - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 18:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010.05.13 01:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2010.01.20 16:45:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\syncables.exe
PRC - [2010.01.20 16:45:00 | 000,220,976 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\OTiSyncApp.exe
PRC - [2010.01.20 16:45:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 10:38:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 10:37:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.10 11:37:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012.05.10 11:32:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 11:30:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012.05.10 11:29:25 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.10 11:29:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 11:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 11:28:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 11:28:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.04 00:37:10 | 000,146,032 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll
MOD - [2010.09.29 17:46:26 | 000,103,488 | ---- | M] () -- C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll
MOD - [2010.08.12 02:19:34 | 000,077,024 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010.08.12 02:19:32 | 000,109,792 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STPE.dll
MOD - [2010.08.12 02:19:32 | 000,072,928 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010.08.12 02:19:30 | 000,232,672 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010.08.12 02:19:30 | 000,126,176 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STLog.dll
MOD - [2010.08.12 02:19:30 | 000,119,008 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010.08.12 02:19:26 | 001,121,504 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010.01.20 16:45:00 | 000,090,112 | ---- | M] () -- C:\Programme\syncables\syncables desktop\2208TR.dll
MOD - [2009.12.23 18:45:04 | 007,505,920 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtGui4.dll
MOD - [2009.09.09 03:51:08 | 000,347,648 | ---- | M] () -- C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll
MOD - [2009.09.09 03:50:52 | 000,177,664 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtSql4.dll
MOD - [2009.09.08 22:01:32 | 002,070,528 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtCore4.dll
MOD - [2009.07.18 01:08:36 | 000,850,944 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtNetwork4.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.25 18:05:10 | 000,311,296 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtXml4.dll
MOD - [2007.04.13 17:39:14 | 000,252,672 | ---- | M] () -- C:\Programme\Dell\duo Stage\kgl.dll
========== Services (SafeList) ==========
SRV - [2012.09.21 12:01:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.05 20:05:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010.09.23 21:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Stopped] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock)
SRV - [2010.09.23 00:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - [2012.05.09 08:54:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 08:54:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.01.06 11:37:26 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2011.01.05 11:45:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.21 19:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH)
DRV - [2010.08.12 18:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010.07.31 05:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.07.30 23:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.30 19:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.07.30 19:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.07.30 19:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.07.30 19:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.07.30 19:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.07.30 19:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.07.22 19:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.22 21:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.06.22 12:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.25 01:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.02.23 04:48:32 | 000,010,624 | ---- | M] (ConnectSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QWARQNet.sys -- (QWARQNet)
DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.05.28 18:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2007.06.04 11:53:20 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2006.11.02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Y:\
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.04 17:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 11:49:18 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
========== Files - Modified Within 30 Days ==========
[2012.10.04 21:01:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 17:26:11 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 17:26:11 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 17:26:11 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 17:26:11 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 17:20:40 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.04 17:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 17:19:20 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 13:02:04 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
========== Purity Check ==========
< End of report >
and the Extra.txt: Code:
OTL Extras logfile created on: 04.10.2012 21:35:24 - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Leila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free
3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system |
"{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system |
"{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe |
"{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net (06/04/2007 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.4
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp 2.4.6.4
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1101382
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1101382
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102474
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102474
Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (13340) Asapi: (14:40:34:1120)(13340) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'
Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (13340) Asapi: (14:40:34:4130)(13340) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.
Error - 02.10.2012 13:25:12 | Computer Name = Leila-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: deeqm0ze.exe, Version: 1.0.15.15641,
Zeitstempel: 0x4e21f2b1 Name des fehlerhaften Moduls: deeqm0ze.exe, Version: 1.0.15.15641,
Zeitstempel: 0x4e21f2b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c676 ID des fehlerhaften
Prozesses: 0x1774 Startzeit der fehlerhaften Anwendung: 0x01cda0c274b8b42c Pfad der
fehlerhaften Anwendung: C:\Users\Leila\Downloads\deeqm0ze.exe Pfad des fehlerhaften
Moduls: C:\Users\Leila\Downloads\deeqm0ze.exe Berichtskennung: 1e9679ee-0cb6-11e2-a9f0-0a004ef6fa3d
Error - 02.10.2012 13:30:21 | Computer Name = Leila-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
[ Dell Events ]
Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ System Events ]
Error - 04.10.2012 10:44:04 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 04.10.2012 11:20:01 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = DCOM | ID = 10005
Description =
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 04.10.2012 11:31:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >
Re 9.
Here are the results of the file check with VirusTotal:
1. C:\Users\Leila\Desktop\deeqm0ze.exe Code:
SHA256: ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0
SHA1: bca23ce5d074b45038076bcd19e5beea2d55fbef
MD5: ff72056739c31e4cc920fbdff4f9a8e5
File size: 295.5 KB ( 302592 bytes )
File name: deeqm0ze.exe
File type: Win32 EXE
Detection ratio: 1 / 41
Analysis date: 2012-10-04 20:35:40 UTC ( 1 Minute ago )
Antivirus Result Update
Agnitum - 20121004
AntiVir - 20121004
Antiy-AVL - 20121003
Avast - 20121004
AVG - 20121004
BitDefender - 20121004
CAT-QuickHeal - 20121004
ClamAV - 20121004
Commtouch - 20121004
Comodo - 20121004
DrWeb - 20121004
Emsisoft - 20120919
eSafe - 20121002
ESET-NOD32 - 20121004
F-Prot - 20121004
F-Secure - 20121003
Fortinet - 20121004
GData - 20121004
Ikarus - 20121004
Jiangmin Trojan/JmGenGeneric.aic 20121003
K7AntiVirus - 20121004
Kaspersky - 20121004
Kingsoft - 20120925
McAfee - 20121004
McAfee-GW-Edition - 20121004
Microsoft - 20121004
Norman - 20121003
nProtect - 20121004
Panda - 20121004
PCTools - 20121004
Rising - 20120928
Sophos - 20121004
SUPERAntiSpyware - 20120911
Symantec - 20121003
TheHacker - 20121004
TotalDefense - 20121004
TrendMicro - 20121004
TrendMicro-HouseCall - 20121004
VBA32 - 20121004
VIPRE - 20121004
ViRobot - 20121004
2. C:\Users\Leila\g2mdlhlpx.exe Code:
SHA256: 407168a8d891526b37bc66c2f7fa97df91fa11dd0810bb274c89ff9d66105423
File name: g2mdlhlpx.exe
Detection ratio: 1 / 42
Analysis date: 2012-10-04 20:43:13 UTC ( 1 Minute ago )
Antivirus Result Update
AhnLab-V3 - 20121003
AntiVir - 20121003
Antiy-AVL - 20121002
Avast - 20121003
AVG - 20121003
BitDefender - 20121003
ByteHero - 20121004
CAT-QuickHeal - 20121002
ClamAV - 20121003
Commtouch - 20121003
Comodo - 20121003
DrWeb - 20121003
Emsisoft - 20120919
eSafe - 20121002
ESET-NOD32 - 20121003
F-Prot - 20120926
F-Secure - 20121003
Fortinet - 20121003
GData - 20121003
Ikarus - 20121003
Jiangmin - 20121002
K7AntiVirus - 20121002
Kaspersky - 20121003
McAfee - 20121003
McAfee-GW-Edition - 20121003
Microsoft - 20121003
MicroWorld-eScan - 20121003
Norman - 20121003
nProtect - 20121003
Panda - 20121002
PCTools - 20121003
Rising - 20120928
Sophos - 20121003
SUPERAntiSpyware - 20120911
Symantec - 20121003
TheHacker Posible_Worm32 20121001
TotalDefense - 20121003
TrendMicro - 20121003
TrendMicro-HouseCall - 20121003
VBA32 - 20121003
VIPRE - 20121003
ViRobot - 20121003
OK, I hope I did all of this correctly and that it is what you need.
The start window still appears when I open Mozilla or Google Chrome... maybe it is still supposed to be like that at this point...?
Best regards,
gesa