Virus scanner possibly infected?

  • #1
uhk

For days I have had several programs that start incorrectly. Now I wanted to run a full virus scan, once with the Antivir that is installed and then with several online scanners. All of them hang somewhere after about 20% of the scan (not all at the same file) and make no further progress. However, nothing indicates that they are hanging; the displayed percentage simply stays where it is. Windows Vista Home Premium.
 
  • #2
Hello uhk,

first of all, too many virus scanners are not such a good thing, just mentioning that in passing.
When you run various scans, you should also temporarily deactivate your *guard* (Guard from Avira ...).

Then try posting a HijackLog here (if you like!), to see whether anything conspicuous shows up in it.
You can download it here:



Please take this executable! Version 2.0.4

In German there is this here: (instructions)



Oh, and please run it via right-click (Administrator) ;)
 
  • #3
Thank you very much for your answer. I have had Hijackthis permanently installed for quite some time and it has already reported to me twice today that a zup.exe is present. I then blocked it. But the broken programs still don't run. Should I still send a log anyway?
 
  • #4
I don't know zup.exe,


The log, that's up to you; if you like, post it. ;)

I can only look for the important things, though; unfortunately I don't know everything either. But one can
have a look over it.

Or you take Malwarebytes:



Run an update beforehand! Then please temporarily deactivate the Guard from Avira.

But the HijackLOG would be better... to look at.... ;)
 
  • #5
So, I cannot create a log file with Hijackthis (error message). I have now installed Malwarebytes (also with an error message) and it is running. I'll send you the result of the Quick Scan. While googling zup.exe I read a lot of dangerous things. Maybe that really is the problem. At the moment I also cannot install any programs without an error message. E.g. with birth check - which shows the error message line 3497 on startup - I cannot start any download at all. It then says I don't have permission to save this file.

The log follows:

Malwarebytes' Anti-Malware 1.50.1.1100


Datenbank Version: 5640

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

30.01.2011 17:50:09
mbam-log-2011-01-30 (17-50-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166817
Laufzeit: 24 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
 
  • #7
very, very briefly: Thanks @ schrauber ;)
 
  • #8
For what exactly? :)
 
  • #9
I can split it up however I want (one log already into 4 parts) - the message always comes that it is too long.

Created on: 30.01.11 at 18:34:59
With Gmer, it crashes after about 15 minutes of scanning and closes (I have already repeated it twice)
 
  • #11
@July

Yeah, I had nothing better to do just now :D

@uhk

The OTL log files do get extremely long; you have to split them so that they fit. You can use as many posts as you need :).

Don't worry about Gmer, that happens sometimes. Leave that out for now :).
 
  • #12
Thanks, but now Antivir reports malware found every 2 minutes, and MS Security Essentials reports Rogue: W32/Winwebgsec as a dangerous virus. I always click remove and 1 minute later the same message comes again.
 
  • #13
OTL logfile created on: 30.01.2011 18:04:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Urs Kirchgraber\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.07 Gb Total Space | 192.22 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 281.30 Gb Free Space | 94.37% Space Free | Partition Type: NTFS
Drive E: | 12.02 Gb Total Space | 1.35 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
Drive H: | 149.01 Gb Total Space | 109.35 Gb Free Space | 73.38% Space Free | Partition Type: FAT32
Drive K: | 55.91 Gb Total Space | 41.45 Gb Free Space | 74.15% Space Free | Partition Type: FAT32

Computer Name: URSKIRCHGRAB-PC | User Name: Urs Kirchgraber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.30 18:03:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Urs Kirchgraber\Downloads\OTL.exe
PRC - [2011.01.30 15:21:58 | 006,416,120 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2011.01.21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011.01.04 13:58:14 | 000,421,576 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.17 11:07:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.14 16:44:20 | 000,216,456 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2010.12.09 15:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010.12.03 20:43:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.03 20:43:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.11.30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.29 13:09:48 | 000,908,344 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010.11.29 13:09:48 | 000,320,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010.11.29 13:09:48 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010.11.23 10:56:49 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.23 10:56:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.23 10:56:06 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.10.30 00:59:36 | 000,954,880 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010.10.24 14:52:53 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.11 12:55:58 | 000,066,040 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010.07.24 22:42:16 | 003,886,928 | ---- | M] (Alexander Miehlke Softwareentwicklung) -- C:\Program Files\TraXEx\TraXEx.exe
PRC - [2010.05.14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.03.09 03:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010.03.04 12:49:48 | 000,010,752 | ---- | M] () -- H:\Wuala Dokan\mounter.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009.12.16 15:02:11 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.12.14 14:45:36 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.12.14 14:45:31 | 002,166,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009.11.24 12:00:26 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- H:\IDrive\IDriveE Service.exe
PRC - [2009.11.12 16:00:48 | 001,007,616 | ---- | M] (Xmarks.com) -- C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
PRC - [2009.09.16 14:15:38 | 000,118,784 | ---- | M] ( Pro-Softnet) -- H:\IDrive\IDriveWebM.exe
PRC - [2009.07.13 10:50:54 | 000,719,392 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009.06.22 06:31:38 | 000,864,768 | ---- | M] (ActMask Co.,Ltd - ) -- C:\Windows\System32\PrintDisp.exe
PRC - [2009.06.16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - ) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009.05.03 11:22:28 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009.04.22 21:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 21:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 07:27:45 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008.09.26 20:13:54 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.09.26 20:13:26 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2006.07.02 07:42:34 | 000,212,992 | ---- | M] ([email protected]) -- C:\Program Files\SchreibFix\SchreibFix.exe
PRC - [2005.01.05 14:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Program Files\ATnotes\ATnotes.exe
 
  • #14
========== Modules (SafeList) ==========

MOD - [2011.01.30 18:03:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Urs Kirchgraber\Downloads\OTL.exe
MOD - [2010.12.09 15:18:41 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010.11.14 18:22:05 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010.11.14 18:22:05 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.01.14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.01.30 15:21:58 | 006,416,120 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2011.01.04 13:58:14 | 000,421,576 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010.12.17 11:07:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.29 13:09:48 | 000,908,344 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.11.29 13:09:48 | 000,320,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.11.23 10:56:49 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 12:49:48 | 000,010,752 | ---- | M] () [Auto | Running] -- H:\Wuala Dokan\mounter.exe -- (wDokanMounter)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.12.16 15:02:11 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.12.16 15:02:10 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.14 14:45:36 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.11.24 12:00:26 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- H:\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.16 14:15:38 | 000,118,784 | ---- | M] ( Pro-Softnet) [Auto | Running] -- H:\IDrive\IDriveWebM.exe -- (IDriveWebM)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.13 10:50:54 | 000,719,392 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009.06.16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - ) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2009.05.03 11:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2009.04.22 21:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.04.22 21:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009.03.01 15:26:06 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008.10.06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.26 20:13:54 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.09.26 20:13:26 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
  • #15
========== Driver Services (SafeList) ==========

DRV - [2011.01.30 17:16:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{195CBD86-C5D4-40D1-9AF4-6785A044E0C5}\MpKslec7c924e.sys -- (MpKslec7c924e)
DRV - [2011.01.30 16:12:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{195CBD86-C5D4-40D1-9AF4-6785A044E0C5}\MpKslc8bfd05b.sys -- (MpKslc8bfd05b)
DRV - [2011.01.30 15:22:00 | 000,076,696 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2011.01.30 15:22:00 | 000,032,008 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2011.01.30 15:21:58 | 000,026,096 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010.12.22 10:52:43 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.11.23 10:56:50 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.08.25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.08.25 14:45:28 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.07.08 06:10:08 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.03.04 11:49:52 | 000,038,264 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\wdokan.sys -- (wDokan)
DRV - [2010.01.14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.01.14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.12.14 14:45:31 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.09.05 15:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.30 10:06:02 | 000,722,432 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.24 07:29:34 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.11.24 07:29:34 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.11.24 07:29:34 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.09.29 17:27:56 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.26 20:14:12 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.07.21 11:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.06.05 18:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2008.05.28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.10.11 12:24:00 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.03 13:33:28 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2004.06.03 20:10:36 | 000,033,792 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvc.sys -- (PIXMCV)
DRV - [2004.03.27 00:56:10 | 000,032,768 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvv.sys -- (PIXMCVV)
DRV - [2004.03.20 04:27:26 | 000,038,144 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcva.sys -- (PIXMCVA)
DRV - [2003.04.30 15:59:40 | 000,259,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Nuvision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL B/G)


========== Standard Registry (SafeList) ==========
 
  • #16
========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: Bing
FF - prefs.js..browser.search.defaultthis.engineName: Live TV Customized Web Search
FF - prefs.js..browser.search.defaulturl: http://search.conduit.com/ResultsExt.aspx?ctid=CT649865&SearchSource=3&q={searchTerms}
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: Google Deutschland
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage:
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}:1.2.5.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {f68df430-4534-4473-8ca4-d5de32268a8d}:3.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ba243cb0-b824-4a26-9418-73ee795d9b9d}:1.0.4
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.63
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.2
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.106602
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {b69a9db4-d0a1-4722-b56b-f20757a29cdf}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {83D65D9A-9CCA-439B-9E4A-EC1FE481B443}:3.0.3.13
FF - prefs.js..extensions.enabledItems: {C947A5EF-A041-443B-AE55-4CC7C15A9C9A}:1.1.0.313


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\firefox\ [2010.06.28 13:08:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.10 15:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010.05.13 12:47:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.06.14 08:35:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009.07.23 15:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.09 15:18:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.29 15:49:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 15:49:27 | 000,000,000 | ---D | M]

[2009.07.20 10:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Extensions
[2009.07.20 10:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009.03.26 18:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011.01.29 15:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions
[2010.09.25 14:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}-trash
[2011.01.29 14:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.28 12:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.01.28 13:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2011.01.29 15:00:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.29 15:00:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.01.29 15:00:21 | 000,000,000 | ---D | M] (Live TV Community Toolbar) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}
[2011.01.29 15:00:23 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2011.01.29 15:00:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.29 15:00:30 | 000,000,000 | ---D | M] (BetterPrivacy) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.01.29 15:00:47 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.01.29 15:00:44 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011.01.29 15:00:53 | 000,000,000 | ---D | M] (Furlan Language Pack) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\{f68df430-4534-4473-8ca4-d5de32268a8d}
[2011.01.29 15:00:53 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:00:55 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:00:55 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:00:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2010.07.23 13:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\firefox@ghostery(500).com
[2011.01.29 15:01:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:20 | 000,000,000 | ---D | M] (Xmarks) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:21 | 000,000,000 | ---D | M] (Dictionnaire français «Réforme 1990») -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:22 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:23 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:42 | 000,000,000 | ---D | M] (TrashMail.net) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 14:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\staged-xpis
[2011.01.29 15:01:46 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\support@lastpass(120).com
[2011.01.29 15:01:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.29 15:01:46 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\inoer5os.Standard-Benutzer\extensions\[email protected]
[2011.01.30 16:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.09.25 14:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}-trash
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (Unhide Passwords) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011.01.28 12:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.01.27 17:14:57 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010.05.29 13:47:04 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}(121)
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.09.15 10:08:18 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.01.28 13:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.01.29 14:38:01 | 000,000,000 | ---D | M] (Live TV Community Toolbar) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}
[2011.01.26 15:59:14 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2011.01.29 14:38:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.29 14:38:02 | 000,000,000 | ---D | M] (BetterPrivacy) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.01.29 14:38:02 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.01.29 14:38:03 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011.01.29 14:38:06 | 000,000,000 | ---D | M] (Furlan Language Pack) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\{f68df430-4534-4473-8ca4-d5de32268a8d}
[2010.11.20 17:26:02 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\[email protected]
[2011.01.29 14:37:55 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\[email protected]
[2011.01.29 14:37:56 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Urs Kirchgraber\AppData\Roaming\mozilla\Firefox\Profiles\zlg1df2z.default\extensions\[email protected]
 
  • #17
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool) - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (Microsoft Corporation)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\System32\PxSecure.dll (Prevx)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - H:\Programme\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (woerterbuch.info Toolbar ) - {7B0B549D-2EB3-4B56-8A29-B112ABECA310} - C:\Program Files\woerterbuch.info\woerte_13000_tb.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - H:\Programme\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (woerterbuch.info Toolbar ) - {7B0B549D-2EB3-4B56-8A29-B112ABECA310} - C:\Program Files\woerterbuch.info\woerte_13000_tb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - )
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-G12JM.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] H:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Urs Kirchgraber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SchreibFix.lnk = C:\Program Files\SchreibFix\SchreibFix.exe (p
 
  • #18
tVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O8 - Extra context menu item: &woerterbuch.info Toolbar - Übersetzung - - C:\Program Files\woerterbuch.info\woerte_13000_tb.dll ()
O8 - Extra context menu item: &woerterbuch.info Toolbar -Synonym - - C:\Program Files\woerterbuch.info\woerte_13000_tb.dll ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra->Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra->Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra->Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra->Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra->Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra->Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: K:\Collage-vert.jpg
O24 - Desktop BackupWallPaper: K:\Collage-vert.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c80a67de-02af-11e0-900f-00235a22afee}\Shell - = AutoRun
O33 - MountPoints2\{c80a67de-02af-11e0-900f-00235a22afee}\Shell\AutoRun\command - = G:\iStudio.exe
O33 - MountPoints2\I\Shell\AutoRun\command - = setupSNK.exe -- [2008.01.21 03:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.30 17:05:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.01.30 17:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Uniblue
[2011.01.30 17:05:17 | 000,000,000 | ---D | C] -- C:\Users\Urs Kirchgraber\AppData\Local\PackageAware
[2011.01.30 15:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Prevx 3.0
[2011.01.30 15:22:01 | 000,071,880 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2011.01.30 15:22:00 | 000,076,696 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2011.01.30 15:22:00 | 000,032,008 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2011.01.30 15:21:58 | 000,026,096 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2011.01.30 15:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011.01.30 15:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011.01.30 15:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\BirthCheck
[2011.01.29 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Urs Kirchgraber\AppData\Roaming\vlc
[2011.01.29 17:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN
[2011.01.29 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011.01.29 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Mozilla Firefox
[2011.01.26 15:20:10 | 000,000,000 | ---D | C] -- C:\Windows\TempC75FCCCB-09DC-7812-80D7-DFED1E9F89A5-Signatures
[2011.01.26 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.01.26 15:16:17 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.21 13:48:10 | 000,000,000 | ---D | C] -- C:\Users\Urs Kirchgraber\AppData\Local\PDF24
[2011.01.19 11:23:54 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.19 11:23:25 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.04 13:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\SpeedBit Video Accelerator
[2011.01.04 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2011.01.04 13:58:11 | 000,172,032 | ---- | C] (Jin Hui E-mail: [email protected] Web: ) -- C:\Windows\System32\AniGIF.ocx
[2011.01.04 13:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2011.01.02 16:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PDF24
[2011.01.02 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[1 C:\Users\Urs Kirchgraber\Desktop\*.tmp files -> C:\Users\Urs Kirchgraber\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.30 18:00:16 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.01.30 17:58:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.30 17:37:05 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873514469-936960180-1970695704-1000UA.job
[2011.01.30 17:17:19 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.01.30 17:16:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.30 17:16:15 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.01.30 17:16:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 17:16:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 17:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.30 17:15:51 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.30 17:12:58 | 000,709,456 | ---- | M] () -- C:\Windows\is-G12JM.exe
[2011.01.30 17:12:58 | 000,012,846 | ---- | M] () -- C:\Windows\is-G12JM.msg
[2011.01.30 17:12:58 | 000,000,333 | ---- | M] () -- C:\Windows\is-G12JM.lst
[2011.01.30 17:06:11 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.01.30 15:22:02 | 000,071,880 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2011.01.30 15:22:00 | 000,076,696 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2011.01.30 15:22:00 | 000,032,008 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2011.01.30 15:21:58 | 000,026,096 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2011.01.30 15:15:12 | 000,001,704 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BirthCheck.lnk
[2011.01.30 14:32:57 | 279,480,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.30 11:37:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873514469-936960180-1970695704-1000Core.job
[2011.01.30 11:12:51 | 000,000,036 | ---- | M] () -- C:\Users\Urs Kirchgraber\AppData\Local\housecall.guid.cache
 
  • #19
[2011.01.29 17:57:48 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.01.29 17:10:20 | 000,600,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.29 17:10:20 | 000,106,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.29 17:10:20 | 000,007,020 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011.01.29 17:10:20 | 000,007,020 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011.01.29 17:10:20 | 000,005,728 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011.01.29 17:10:20 | 000,005,728 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011.01.29 17:10:19 | 002,204,178 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.29 17:10:19 | 000,642,982 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.28 16:25:45 | 000,000,077 | ---- | M] () -- C:\Users\Urs Kirchgraber\Desktop\
[2011.01.26 15:23:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.23 17:55:28 | 000,000,396 | ---- | M] () -- C:\Windows\XCrashReport.ini
[2011.01.20 15:01:33 | 001,694,725 | R--- | M] () -- C:\Users\Urs Kirchgraber\Documents\MyMicroBalance.mmb
[2011.01.05 14:07:18 | 000,000,037 | RH-- | M] () -- C:\Users\Urs Kirchgraber\Documents\.picasa.ini
[2011.01.04 13:58:43 | 000,001,874 | R--- | M] () -- C:\Users\Urs Kirchgraber\Desktop\SpeedBit Video Accelerator.lnk
[2011.01.04 13:58:11 | 000,172,032 | ---- | M] (Jin Hui E-mail: [email protected] Web: ) -- C:\Windows\System32\AniGIF.ocx
[2011.01.02 17:55:50 | 015,391,884 | R--- | M] () -- C:\Users\Urs Kirchgraber\Desktop\Samsung HMX-H200P-GER-IB_0119.pdf
[2011.01.02 16:18:15 | 000,001,619 | R--- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[1 C:\Users\Urs Kirchgraber\Desktop\*.tmp files -> C:\Users\Urs Kirchgraber\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.30 17:12:58 | 000,709,456 | ---- | C] () -- C:\Windows\is-G12JM.exe
[2011.01.30 17:12:58 | 000,012,846 | ---- | C] () -- C:\Windows\is-G12JM.msg
[2011.01.30 17:12:58 | 000,000,333 | ---- | C] () -- C:\Windows\is-G12JM.lst
[2011.01.30 17:06:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.01.30 17:05:38 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.01.30 11:12:51 | 000,000,036 | ---- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\housecall.guid.cache
[2011.01.29 17:57:48 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.01.28 16:25:45 | 000,000,077 | ---- | C] () -- C:\Users\Urs Kirchgraber\Desktop\
[2011.01.27 17:35:53 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.26 15:23:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.01.23 17:54:49 | 000,000,396 | ---- | C] () -- C:\Windows\XCrashReport.ini
[2011.01.05 14:07:18 | 000,000,037 | RH-- | C] () -- C:\Users\Urs Kirchgraber\Documents\.picasa.ini
[2011.01.04 13:58:43 | 000,001,874 | R--- | C] () -- C:\Users\Urs Kirchgraber\Desktop\SpeedBit Video Accelerator.lnk
[2011.01.02 17:55:41 | 015,391,884 | R--- | C] () -- C:\Users\Urs Kirchgraber\Desktop\Samsung HMX-H200P-GER-IB_0119.pdf
[2011.01.02 16:18:15 | 000,001,619 | R--- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.12.28 14:38:59 | 000,334,848 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\mxyya.exe
[2010.11.28 15:48:18 | 000,005,013 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2010.11.21 18:09:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.06 12:28:28 | 000,001,000 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\RT2070_{A70A11D4-CEBF-419F-A9B2-8957AC7E2866}_wsc
[2010.10.06 12:28:06 | 000,000,826 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\RT2070_{A70A11D4-CEBF-419F-A9B2-8957AC7E2866}_sta
[2010.10.06 12:28:05 | 000,000,822 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\RT2070_{A70A11D4-CEBF-419F-A9B2-8957AC7E2866}_prof
[2010.06.13 17:46:19 | 000,017,408 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\WebpageIcons.db
[2010.04.18 15:31:40 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010.03.04 11:49:52 | 000,038,264 | ---- | C] () -- C:\Windows\System32\drivers\wdokan.sys
[2010.03.04 11:49:46 | 000,024,576 | ---- | C] () -- C:\Windows\System32\wdokanusr.dll
[2009.12.14 14:45:31 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.07 14:25:35 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.08.07 14:25:35 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.24 13:27:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.24 12:52:14 | 000,001,136 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Roaming\wklnhst.dat
[2009.03.26 11:32:19 | 000,006,836 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\d3d9caps.dat
[2009.03.01 16:34:57 | 000,050,688 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.01 15:30:40 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.03.01 14:57:37 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.03.01 14:52:23 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.28 18:17:50 | 000,000,354 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.02.28 18:17:25 | 000,000,573 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.02.28 18:06:02 | 000,009,206 | ---- | C] () -- C:\Windows\NTTuner.ini
[2009.02.28 17:07:06 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.02.28 17:07:06 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.02.28 15:30:58 | 000,000,000 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\QSwitch.txt
[2009.02.28 15:30:58 | 000,000,000 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\DSwitch.txt
[2009.02.28 15:30:58 | 000,000,000 | R--- | C] () -- C:\Users\Urs Kirchgraber\AppData\Local\AtStart.txt
[2009.01.19 08:18:09 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.01.19 08:17:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.01.19 08:17:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.01.19 08:16:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.01.19 08:14:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.01.19 07:16:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.24 00:33:29 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008.11.24 00:27:09 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008.11.24 00:25:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008.11.24 00:23:38 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.09.29 16:51:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999.04.14 00:00:00 | 000,345,088 | ---- | C] () -- C:\Windows\System32\ShrLk21.DLL
[1998.08.24 00:00:00 | 000,104,448 | ---- | C] () -- C:\Program Files\mswkscal.wcd
[1997.08.14 23:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\PCDLIB32.DLL

< End of report >
 
  • #20
OTL Extras logfile created on: 30.01.2011 18:04:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Urs Kirchgraber\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.07 Gb Total Space | 192.22 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 281.30 Gb Free Space | 94.37% Space Free | Partition Type: NTFS
Drive E: | 12.02 Gb Total Space | 1.35 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
Drive H: | 149.01 Gb Total Space | 109.35 Gb Free Space | 73.38% Space Free | Partition Type: FAT32
Drive K: | 55.91 Gb Total Space | 41.45 Gb Free Space | 74.15% Space Free | Partition Type: FAT32

Computer Name: URSKIRCHGRAB-PC | User Name: Urs Kirchgraber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 ()
Directory [Browse with &IrfanView] -- C:\Program Files\IrfanView\i_view32.exe %1 /thumbs (Irfan Skiljan)
Directory [Browse with FastStone] -- C:\Program Files\FastStone Image Viewer\FSViewer.exe %1 ()
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
VistaSp2 = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 1
DisableNotifications = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DisableNotifications = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
EnableFirewall = 1
DisableNotifications = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitTorrent\bittorrent.exe = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{058DAC5B-4FCE-455F-96AB-FEFBE1E2A820} = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
{0870F329-9712-4C61-AABE-C933DD76BBDD} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{0E202269-F932-48D5-8394-4709D3E9ABD3} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
{15972FAD-FEFC-4BEC-8B55-6482743F631D} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{1835E76D-BFAE-49A8-93DB-DF5104BDD8ED} = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
{232CC3D8-FC3A-48C1-80B4-5393F1620592} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
{28E178EC-0180-4822-9918-375A839FD13F} = lport=445 | protocol=6 | dir=in | app=system |
{33A8DD88-52AE-4355-A904-E0195159F1F1} = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
{386CEE54-ED6D-4FA3-AA13-899C3B3AEA99} = lport=138 | protocol=17 | dir=in | app=system |
{38C8A0C6-F370-4367-856A-9A2A0C24EF81} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{3C096990-C61F-407F-A7B3-3F2CA2F09066} = lport=10244 | protocol=6 | dir=in | app=system |
{498E20B7-52EF-42EA-93AB-67B17F6A6590} = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
{4C57EB27-5191-4770-B540-B3BA6CB46C5C} = rport=137 | protocol=17 | dir=out | app=system |
{5A181641-8277-4741-86A6-48D9015BC51E} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{5C48F971-192E-4015-8361-339B42CE42D8} = lport=2869 | protocol=6 | dir=in | app=system |
{5E9727E6-DE82-4837-A9BA-6F3201D234FB} = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
{6501911E-8BEF-4623-93BE-5D19ADA180A9} = lport=10243 | protocol=6 | dir=in | app=system |
{65F26559-62E5-4557-A0D0-07E9255CEDEB} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
{7A799177-395F-403D-AA30-B2EDE9E989F7} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{7D2E51C9-E3F5-40F6-AA0A-FAD33CF02846} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
{80268CAE-058E-4D3A-A118-F5AF88D9AD0D} = rport=445 | protocol=6 | dir=out | app=system |
{80E4B287-CDDA-4BC8-AE2B-F4F5C6F0A8C2} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
{81DC9C57-18CC-42D9-ACAB-4C73C80D057B} = rport=2869 | protocol=6 | dir=out | app=system |
{8899EA05-2E40-4C88-AD47-C7A98C3A2B5F} = lport=139 | protocol=6 | dir=in | app=system |
{8BAE8A62-A593-4C7C-8E29-022614A51911} = lport=3390 | protocol=6 | dir=in | app=system |
{93A81D48-60A2-4768-B19F-B5F1FEF320E2} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
{984DC068-D812-42BF-90AD-92E20AAE9847} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{9DF138E8-8824-4F10-9D7C-7CF2BF92CBC5} = rport=138 | protocol=17 | dir=out | app=system |
{A269611E-2DE7-473D-903C-4BBCBEF098E6} = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
{A40656A3-D1FE-4939-A841-031BAB12902A} = rport=139 | protocol=6 | dir=out | app=system |
{A6FBD412-EA57-4DE3-B4E7-24DF74F35BB5} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{AA4B5ED7-3306-44D6-8DA4-2DE00A968046} = lport=137 | protocol=17 | dir=in | app=system |
{AC0BEF69-0F3D-4E35-B1D9-8FCAA5995525} = rport=10244 | protocol=6 | dir=out | app=system |
{B2F4A72C-9E71-4975-A50E-808507E20D9F} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{B5A49470-81D4-47DC-B0BD-B66742086256} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
{C9477B78-D3C8-4E0F-8DE0-AE6A162EFEE9} = rport=10243 | protocol=6 | dir=out | app=system |
{CAEB8CE0-4C07-4DD0-9DFE-EA330A6E7A1D} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{D3908C39-EE69-45A1-AA2D-B26D0B102714} = lport=2869 | protocol=6 | dir=in | app=system |
{DC3E91FE-E95D-4265-BC1F-64721F964A84} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
{F2F6C8E4-7403-4AB6-B807-5C95806D5923} = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{09C7AC51-20FF-4B76-83BF-6F94301477A0} = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
{0A048515-E1AE-42CD-A02E-8FBFB4FDE0E4} = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
{0ABDDA6F-72EA-49C6-84F9-D9B0E366B0DD} = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
{0F665F9E-6CE8-4F56-914E-97146DD735FE} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{0F9528C3-0B1D-4A20-BE30-1233DD791575} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{1433AD2E-4F5C-4488-A137-9532E7A0C20E} = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
{1EB7EF0E-3564-4A0A-90F9-FA0C19187F19} = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
{2066AD15-1A13-4C8C-882A-8F373F148F23} = protocol=6 | dir=out | app=system |
{2A4203D0-EB9F-46C0-9D54-DA8C5219A0DA} = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{314669AB-770B-4E14-8907-98DBDFAF99FE} = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
{36DF2CEA-D49F-44A4-A4ED-89F7ECD685AF} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{4871295B-0EFF-4A35-BEDC-09F85BE71104} = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
{5B2A1179-D633-4ACD-99BB-03DF84F008BB} = dir=in | app=c:\program files\skype\phone\skype.exe |
{5B916ED9-1EFA-4257-A829-0EB8E8C11081} = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
{648B8488-B4D4-417F-9124-13D8B571A3F5} = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
{6B6BBD81-02AE-42CC-A7BB-45B9B4290FAE} = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{6DDA8E99-4FAC-47E2-98A0-1250504D36E3} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{7AB8CAC3-DB4A-4A3A-B4C3-934CD48D580A} = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{7BF9F744-1593-4A95-9267-3E7D32CC9D68} = protocol=58 | dir=out | [email protected],-28546 |
{7D5CE645-D870-4844-AD7C-1565B7ACF788} = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
{800ED4ED-E125-4418-8963-DF256E6A93E1} = protocol=1 | dir=out | [email protected],-28544 |
{83A37D41-0DFD-469F-AAFD-BA6A2C5C0609} = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
{8E6D5FA7-0082-4DBD-97C2-2EBD74CC17B5} = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
{918D8B6F-D49E-4F7A-85E0-F7C9977F1233} = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{93DA4811-1B04-4711-8025-CE1D37F53BB3} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{94236587-A1F9-42E0-B723-E5EABF9B0714} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{948846F5-6334-4784-B7E4-1144CB0877C6} = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
{97526151-C82F-4B13-835B-CB2E8AD4057A} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{9D2F3711-6EF4-4937-AF98-E2E86EF1A176} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{A59152E0-1C12-4BAB-B987-56922EA2994E} = dir=in | app=c:\program files\skype\phone\skype.exe |
{A8572904-968A-40B9-90AA-0AE1AAEB8D66} = protocol=58 | dir=in | [email protected],-148 |
{AAC96D90-4E76-47C1-8C02-2D978505A972} = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
{B11F2028-46A3-4D05-A755-0837BA01EB5F} = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{B1601579-042F-4AA5-9F59-652A8F3CB72C} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{B7717E01-42A2-4F0D-986A-3E6A645BF08F} = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
 