|
Plagegeister aller Art und deren Bekämpfung: Facebook Virus JPG.SRC geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.11.2011, 17:51 | #1 |
| Facebook Virus JPG.SRC geöffnet Hallo liebes Trojaner Board, Ich habe leider auch ein kleines Problemchen ... glaube ich mal. Wir haben bei uns in der WG einen Gemeinschafts PC. Hier hat meine liebe Mitbewohnerin folgendes Problem verursacht. Sie hat eine Datei die sie über Facebook als Link bekommen hat heruntergeladen und ausgeführt (hxxp://www.sentosakaryautama.com/images/gallery.php?l=IMG6954.JPG). Sie beteuert Dass Sie die Datei mit Antivir (auf neuestem Stand) gescannt und dann erst geöffnet hat nachdem Antivir keinerlei Fehlermeldung brachte jedoch will ich auf Nummer sicher gehen ... Aktuell habe ich keine Probleme oder Einschränkungen auf meinem System feststellen können, auch hat Sie mit ihrem Facebook Account keine einzige Datei weitergesendet wie in vielen Posts beschrieben. Habe mich davon überzeugt dass sie keine mAssenflu versendet hat und sie erstmal ausgeloggt. der Rechner ist auch nicht abgestürzt beim ausführen, (jedoch ist der Rechner auch seitdem nicht heruntergefahren worden und dabei belasse ich es erst einmal.) Ich hätte gerne auch in den anderen Threat geschrieben jedoch lässt dieser keine Antworten zu. Ich bin nun strikt nach der hier angegeben Anleitung vorgegangen: http://www.trojaner-board.de/104167-...-facebook.html [B] CCleaner - Inhalt.TXT: Code:
ATTFilter 7-Zip 4.65 (x64 edition) Igor Pavlov 11.09.2010 3,99MB 4.65.00.0 Adobe AIR Adobe Systems Inc. 13.04.2011 1.5.3.9120 Adobe Community Help Adobe Systems Incorporated 13.04.2011 3.0.0.400 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 03.05.2010 6,00MB 10.1.53.64 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.11.2011 6,00MB 11.1.102.55 Adobe Media Player Adobe Systems Incorporated 13.04.2011 1.8 Adobe Photoshop CS5 Adobe Systems Incorporated 13.04.2011 2.595MB 12.0 Adobe Reader 9.3 - Deutsch Adobe Systems Incorporated 05.05.2010 240MB 9.3.0 Akamai NetSession Interface 02.11.2011 Akamai NetSession Interface Service 02.11.2011 ANNO 1404 Ubisoft 11.07.2011 1.02.0000 ANNO 1404 - Venedig Ubisoft 11.07.2011 2.0.5008.0 Apple Application Support Apple Inc. 29.11.2010 52,7MB 1.4.1 Apple Mobile Device Support Apple Inc. 29.11.2010 22,3MB 3.3.0.69 Apple Software Update Apple Inc. 28.06.2010 2,26MB 2.1.2.120 ATI Catalyst Install Manager ATI Technologies, Inc. 14.01.2011 22,3MB 3.0.782.0 Avira AntiVir Personal - Free Antivirus Avira GmbH 13.10.2011 61,8MB 10.2.0.704 AviSynth 2.5 17.06.2010 Bonjour Apple Inc. 28.06.2010 1,75MB 2.0.3.0 CCleaner Piriform 27.11.2011 3.12 CDBurnerXP CDBurnerXP 21.11.2011 17,3MB 4.3.9.2809 CDBurnerXP CDBurnerXP 12.04.2011 16,4MB 4.3.8.2523 CPUCooL (remove only) 09.11.2011 CPUID CPU-Z 1.58 09.11.2011 3,23MB Der Vokabulator II 19.09.2011 DivX-Setup DivX, LLC 01.01.2011 2.2.1.2 Druckerdeinstallation für EPSON SX100 Series SEIKO EPSON Corporation 14.05.2010 EPSON Scan 14.05.2010 Free Video Flip and Rotate version 1.8.10.324 DVDVideoSoft Limited. 26.03.2011 38,8MB Free Video to Flash Converter version 4.7.16 DVDVideoSoft Limited. 20.11.2010 31,2MB Free Video to iPhone Converter version 3.3.4.920 DVDVideoSoft Ltd. 16.11.2011 33,9MB Free Video to iPod Converter version 4.1 DVDVideoSoft Limited. 05.10.2010 24,8MB Futuremark SystemInfo Futuremark Corporation 09.11.2011 4.0.0.0 Garmin Communicator Plugin Garmin Ltd or its subsidiaries 01.06.2010 11,7MB 2.9.2 Garmin USB Drivers Garmin Ltd or its subsidiaries 01.06.2010 0,12MB 2.3.0.0 iPhone Explorer Marx Softwareentwicklung 16.10.2011 7,04MB 0.9.28.4 iTunes Apple Inc. 29.11.2010 145,7MB 10.1.0.56 Java(TM) 6 Update 29 Oracle 30.09.2011 97,1MB 6.0.290 Java(TM) 7 (64-bit) Oracle 04.08.2011 93,3MB 7.0.0 JDownloader AppWork UG (haftungsbeschränkt) 03.05.2010 0.89 K-Lite Codec Pack 7.9.0 (Full) 19.11.2011 48,9MB 7.9.0 LibUSB-Win32-0.1.10.1 LibUSB-Win32 17.12.2010 0.1.10.1 Macromedia Extension Manager Ihr Firmenname 20.11.2010 4,90MB 1.7.270 Macromedia Flash Player 8 Macromedia 20.11.2010 1,42MB 8.0.22.0 MacroX 3.1 Uhrzeit.org 29.01.2011 3.1 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 27.11.2011 13,8MB 1.51.2.1300 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.05.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 03.05.2010 2,94MB 4.0.30319 Microsoft Office Enterprise 2007 Microsoft Corporation 23.06.2011 12.0.6425.1000 Microsoft Office Outlook Connector Microsoft Corporation 24.06.2011 3,36MB 14.0.5118.5000 Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 08.06.2010 7,72MB 8.0.50727.42 Microsoft Silverlight Microsoft Corporation 14.10.2011 60,3MB 4.0.60831.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.06.2011 1,70MB 3.1.0000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.06.2011 0,29MB 8.0.56336 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 03.05.2010 0,69MB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15.01.2011 0,25MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 03.05.2010 0,77MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 13.06.2011 2,87MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.10.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.06.2010 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03.05.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.11.2011 15,0MB 10.0.40219 Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 12.01.2010 9,17MB 4.0.20823.0 MobileMe Control Panel Apple Inc. 29.11.2010 11,9MB 3.1.4.0 MotioninJoy ds3 driver version 0.6.0003 www.motioninjoy.com 01.01.2011 3,43MB 0.5.0001 Mozilla Firefox (3.6.8) Mozilla 07.06.2010 3.6.8 (de) muvee Reveal muvee Technologies Pte Ltd 27.05.2010 141,5MB 8.0.0.12674 Nero 6 Ultra Edition 11.04.2011 NVIDIA PhysX NVIDIA Corporation 09.11.2011 78,9MB 9.10.0513 OpenAL 27.09.2010 Opera 11.50 Opera Software ASA 12.01.2010 11.50.1074 Orcs Must Die! 19.10.2011 Pando Media Booster Pando Networks Inc. 11.05.2010 5,47MB 2.3.4.0 PDFCreator Frank Heindörfer, Philip Chinery 05.05.2010 1.0.1 PS3_USB_GAMEPAD GASIA 03.01.2011 1.00.0000 PSP Video 9 6 Red Kawa 08.08.2011 6 QuickTime Apple Inc. 28.09.2010 73,7MB 7.68.75.0 RapidShare Manager 2 RapidShare AG 03.08.2011 2 Realtek Ethernet Controller Driver For Windows Vista and Later Realtek 03.05.2010 1.00.0011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.05.2010 6.0.1.5953 Red Eye Remover Pro 1.2 31.10.2011 Safari Apple Inc. 29.11.2010 41,3MB 5.33.19.4 Seagate Dashboard Memeo Inc. 30.06.2011 1.0.0.809 Skype™ 5.3 Skype Technologies S.A. 12.07.2011 16,6MB 5.3.120 SmartSync Pro 30.09.2011 SSC Service Utility v4.30 SSC Localization Group 26.10.2010 StartNow Toolbar StartNow.com 19.11.2011 2.4.0 Steam Valve Corporation 21.10.2010 42,3MB 1.0.0.0 TeamSpeak 3 Client TeamSpeak Systems GmbH 15.01.2011 TeamViewer 6 TeamViewer GmbH 16.07.2011 6.0.10722 The Elder Scrolls V: Skyrim Bethesda Game Studios 10.11.2011 TuneUp Utilities 2011 TuneUp Software 04.02.2011 10.0.3000.99 Ubisoft Game Launcher UBISOFT 27.08.2010 1.0.0.0 UE3Redist Epic Games 26.09.2010 68,9MB 1.00.0000 Uninstall 1.0.0.1 15.05.2011 11,2MB VLC media player 1.1.4 VideoLAN 25.09.2010 1.1.4 Vocabulary Editor Christian Beer 03.10.2011 Wacom Tablett Wacom Technology Corp. 14.05.2010 Wallpaperio iPhone 4 Maker 3 Red Kawa 30.09.2011 3 WebTablet IE Plugin Wacom Technology Corp. 14.05.2010 1.1.0.4 WebTablet Netscape Plugin Wacom Technology Corp. 14.05.2010 1.1.0.3 Winamp Nullsoft, Inc 02.11.2011 5.622 Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 01.06.2010 06/03/2009 2.3.0.0 Windows Live Essentials Microsoft Corporation 25.06.2011 15.4.3508.1109 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 24.06.2011 5,58MB 15.4.5722.2 Windows Media Player Firefox Plugin Microsoft Corp 25.03.2011 0,29MB 1.0.0.8 Windows Password Recovery Tool Professional Demo PasswordSeeker 17.09.2011 WinRAR 03.05.2010 WinSCP 4.3.5 Martin Prikryl 01.10.2011 8,69MB 4.3.5 WinSnap NTWind Software 03.11.2011 1.1.10 OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.11.2011 14:18:50 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marvin\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 23,07% Memory free 7,99 Gb Paging File | 3,64 Gb Available in Paging File | 45,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 98,47 Gb Total Space | 10,75 Gb Free Space | 10,92% Space Free | Partition Type: NTFS Drive Y: | 465,76 Gb Total Space | 48,51 Gb Free Space | 10,42% Space Free | Partition Type: NTFS Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Marvin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Marvin\AppData\Local\Temp\3982909.exe () PRC - C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe (fractiousness tessellating) PRC - C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe () PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) PRC - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems, Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) PRC - C:\Windows\VID_054c&PID_0268\Watchps3.exe () PRC - C:\Program Files (x86)\SmartSync Pro\SmartSync.exe (SmartSync Software) ========== Modules (No Company Name) ========== MOD - C:\Users\Marvin\AppData\Local\Temp\3982909.exe () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll () MOD - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll () MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Windows\VID_054c&PID_0268\Watchps3.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll () SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (ntiopnp) -- C:\Windows\SysNative\drivers\ntiopnp.sys () DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (GF0268) -- C:\Windows\SysNative\drivers\GF0268.sys () DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (GF0268) -- C:\Windows\SysWOW64\drivers\GF0268.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20111120&user_guid=82E40BD589EC4BC0BF7073C3A6F6545F&machine_id=86aeae2ab7f3b67c5c5db4972c3576fd&browser=IE&os=win&os_version=6.1-x64-SP0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 E2 DA 78 78 37 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.02 22:02:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.02 22:02:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.10 23:52:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 15:58:02 | 000,000,000 | ---D | M] [2010.05.04 11:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions [2011.11.20 21:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\c5uuke4y.default\extensions [2011.11.20 21:27:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\c5uuke4y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.10.01 05:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\c5uuke4y.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.10.01 05:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\c5uuke4y.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2011.11.20 21:06:02 | 000,001,390 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\c5uuke4y.default\searchplugins\yahoo-zugo.xml [2011.11.20 21:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.06 20:46:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.10.01 00:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.10.31 11:41:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.01.02 22:02:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.01.02 22:02:54 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\updatet.exe (Twain Working Group) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemonTool] rundll32.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_SC8F9.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\install\updatet.exe (Twain Working Group) O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe (fractiousness tessellating) O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe File not found O4 - HKCU..\Run: [SmartSync Pro] C:\Program Files (x86)\SmartSync Pro\SmartSync.exe (SmartSync Software) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: updatet = C:\Windows\system32\install\updatet.exe (Twain Working Group) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: updatet = C:\Windows\system32\install\updatet.exe (Twain Working Group) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26353F1A-8274-4B61-B17C-0BD66FB73E26}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBD5F641-3297-49CF-B8FD-64E664F13AB4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1824f3c0-b87a-11df-b80d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1824f3c0-b87a-11df-b80d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{424d6c8b-c979-11df-8df7-406186c20459}\Shell - "" = AutoRun O33 - MountPoints2\{424d6c8b-c979-11df-8df7-406186c20459}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{424d6c8b-c979-11df-8df7-406186c20459}\Shell\directx\command - "" = E:\Support\DirectX\DXSETUP.exe O33 - MountPoints2\{424d6c8b-c979-11df-8df7-406186c20459}\Shell\install\command - "" = E:\setup.exe O33 - MountPoints2\{b4712b9d-6e4c-11e0-9ceb-406186c20459}\Shell - "" = AutoRun O33 - MountPoints2\{b4712b9d-6e4c-11e0-9ceb-406186c20459}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{df811c1e-ecff-11df-9ca6-406186c20459}\Shell - "" = AutoRun O33 - MountPoints2\{df811c1e-ecff-11df-9ca6-406186c20459}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.28 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Facebook Hack [2011.11.28 14:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.28 14:11:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.28 14:11:26 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes [2011.11.28 14:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.28 14:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.28 14:10:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.28 14:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.28 14:08:24 | 000,000,000 | RHSD | C] -- C:\Users\Marvin\M-1-52-5782-8752-5245 [2011.11.25 17:04:39 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Schatz Geschenke [2011.11.25 14:16:06 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Save [2011.11.24 20:14:08 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Pimp [2011.11.20 21:36:15 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Neuer Ordner (2) [2011.11.20 21:13:51 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Media Player Classic [2011.11.20 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar [2011.11.20 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.11.20 21:05:33 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm [2011.11.20 21:05:33 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm [2011.11.20 18:36:41 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Coctail Karte [2011.11.20 17:11:11 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Referate [2011.11.20 16:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.11.16 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\DVDVideoSoft [2011.11.16 12:21:52 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Neuer Ordner [2011.11.14 17:41:08 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Skyrim Mods [2011.11.11 17:56:30 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\Skyrim [2011.11.11 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\My Games [2011.11.10 17:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark [2011.11.10 17:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2011.11.10 17:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011.11.10 17:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUCooL [2011.11.10 17:28:19 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys [2011.11.10 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2011.11.10 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2011.11.10 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\TuneUp Software [2011.11.10 15:04:02 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Anki [2011.11.05 02:19:15 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Games [2011.11.04 01:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSnap [2011.11.04 01:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSnap [2011.11.03 20:47:37 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Winamp [2011.11.03 20:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2011.11.03 02:26:53 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\Akamai [2011.11.01 17:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Eye Remover Pro [2011.11.01 17:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Eye Remover Pro [2011.11.01 16:52:50 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Calibre Bibliothek [2011.11.01 16:52:48 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\calibre [2011.10.31 11:41:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.10.31 11:41:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.10.31 11:41:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.28 14:24:08 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.28 14:11:39 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.28 14:10:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.28 13:05:42 | 000,001,750 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.dat [2011.11.28 13:05:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.27 01:21:34 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.27 01:21:34 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.27 01:21:34 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.27 01:21:34 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.27 01:21:34 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.27 01:18:21 | 001,796,406 | ---- | M] () -- C:\Users\Marvin\Desktop\Unbenannt-3.psd [2011.11.24 15:44:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.24 15:44:13 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.24 15:34:43 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys [2011.11.23 21:52:27 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.11.23 21:11:37 | 000,008,192 | ---- | M] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.23 16:31:46 | 004,985,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.22 21:34:47 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.11.22 16:25:31 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2011.11.22 16:19:30 | 009,536,810 | ---- | M] () -- C:\Users\Marvin\Desktop\Unbenannt-1.psd [2011.11.22 14:44:44 | 000,013,237 | ---- | M] () -- C:\Users\Marvin\Desktop\tropfen-13974090.png [2011.11.22 00:12:11 | 000,069,113 | ---- | M] () -- C:\Users\Marvin\Desktop\The_Big_Bang_Theory_fanart_by_foolspot.jpg [2011.11.21 23:36:59 | 000,040,926 | ---- | M] () -- C:\Users\Marvin\Desktop\WhenIPutMyLipsLikeThis.jpg [2011.11.21 23:15:23 | 000,602,527 | ---- | M] () -- C:\Users\Marvin\Desktop\iphone_readymech.pdf [2011.11.16 12:17:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.14 21:46:17 | 502,254,478 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.11.12 16:00:18 | 000,013,695 | ---- | M] () -- C:\Users\Marvin\Desktop\SkyrimLauncher - Verknüpfung.lnk [2011.11.10 17:30:32 | 000,000,991 | ---- | M] () -- C:\Users\Marvin\Desktop\CPUCooL.lnk [2011.11.04 01:47:41 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\WinSnap.lnk [2011.11.01 17:12:31 | 000,001,083 | ---- | M] () -- C:\Users\Marvin\Desktop\Red Eye Remover Pro.lnk [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.28 14:23:45 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.28 14:10:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.27 01:18:20 | 001,796,406 | ---- | C] () -- C:\Users\Marvin\Desktop\Unbenannt-3.psd [2011.11.22 14:44:43 | 000,013,237 | ---- | C] () -- C:\Users\Marvin\Desktop\tropfen-13974090.png [2011.11.22 00:26:23 | 009,536,810 | ---- | C] () -- C:\Users\Marvin\Desktop\Unbenannt-1.psd [2011.11.22 00:12:10 | 000,069,113 | ---- | C] () -- C:\Users\Marvin\Desktop\The_Big_Bang_Theory_fanart_by_foolspot.jpg [2011.11.21 23:36:58 | 000,040,926 | ---- | C] () -- C:\Users\Marvin\Desktop\WhenIPutMyLipsLikeThis.jpg [2011.11.21 23:15:23 | 000,602,527 | ---- | C] () -- C:\Users\Marvin\Desktop\iphone_readymech.pdf [2011.11.20 21:05:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.20 21:05:33 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.20 21:05:33 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.20 21:05:33 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.20 21:05:33 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2011.11.14 21:46:17 | 502,254,478 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.11.12 16:00:18 | 000,013,695 | ---- | C] () -- C:\Users\Marvin\Desktop\SkyrimLauncher - Verknüpfung.lnk [2011.11.10 17:30:32 | 000,000,991 | ---- | C] () -- C:\Users\Marvin\Desktop\CPUCooL.lnk [2011.11.10 17:28:19 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2011.11.04 01:47:41 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\WinSnap.lnk [2011.11.01 17:12:31 | 000,001,083 | ---- | C] () -- C:\Users\Marvin\Desktop\Red Eye Remover Pro.lnk [2011.10.01 21:28:22 | 000,000,132 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.10.01 01:04:36 | 000,055,808 | ---- | C] () -- C:\Windows\zlib1.dll [2011.09.20 15:50:56 | 000,000,316 | ---- | C] () -- C:\Windows\Vok2D.ini [2011.08.04 21:23:10 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.16 16:54:44 | 000,000,600 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\winscp.rnd [2011.06.16 22:09:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.04.24 11:36:04 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2011.04.24 11:30:49 | 000,000,000 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\chrtmp [2011.04.12 20:54:58 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.04.08 22:30:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.03.15 19:30:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.02.15 13:59:33 | 000,000,132 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010.12.18 16:27:19 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2010.12.02 23:41:29 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys [2010.12.02 23:41:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe [2010.06.15 23:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.06.01 17:02:26 | 000,008,192 | ---- | C] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.15 19:08:55 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.15 19:08:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\EA9B587C47.sys [2010.05.11 16:39:02 | 358,329,809 | ---- | C] () -- C:\Program Files (x86)\2029_setup_1.26.0058.exe.sl [2010.05.06 09:01:28 | 1793,225,376 | ---- | C] () -- C:\Program Files (x86)\vc_setup_0.79.exe.sl [2010.05.04 02:22:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.04 02:11:09 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.05.04 02:11:09 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.09.19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2008.09.19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2005.10.03 13:35:58 | 000,007,619 | -H-- | C] () -- C:\Users\Marvin\AppData\Roaming\Marvinlog.dat ========== LOP Check ========== [2011.11.10 15:04:45 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\.anki [2011.08.04 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\.minecraft [2010.12.18 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Ace [2010.05.05 02:57:58 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\BitCometLite [2011.07.17 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Blender Foundation [2010.11.14 20:00:08 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\BOM [2011.11.01 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\calibre [2011.04.13 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Canneverbe Limited [2011.11.28 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DAEMON Tools Lite [2010.09.05 00:27:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DAEMON Tools Net [2011.06.14 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DAEMON Tools Pro [2011.11.17 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DVDVideoSoft [2010.05.15 19:04:53 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\EPSON [2011.04.13 18:23:23 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\foobar2000 [2010.06.02 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\GARMIN [2011.01.30 05:00:42 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\GetRightToGo [2011.07.13 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\go [2010.09.30 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\GOA [2011.02.28 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\gtk-2.0 [2011.02.28 22:46:34 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Hothead Games [2010.01.12 22:15:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Leadertech [2011.01.02 22:02:55 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Local [2011.10.01 14:58:42 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Memeo [2011.09.07 03:46:44 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MoreTerra [2011.01.02 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MotioninJoy [2010.05.29 22:11:41 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\muvee Technologies [2010.01.13 01:40:21 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Opera [2011.06.21 17:31:30 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Prison Break [2011.10.01 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\RIFT [2011.07.03 10:59:08 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Seagate [2011.10.01 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Software4u [2010.11.21 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TeamViewer [2011.11.28 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TS3Client [2011.11.10 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TuneUp Software [2010.01.13 00:03:06 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Ubisoft [2010.10.02 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Visionaire Editor [2011.10.15 12:26:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D < End of report > OTL EXTRAS: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.11.2011 14:18:50 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marvin\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 23,07% Memory free 7,99 Gb Paging File | 3,64 Gb Available in Paging File | 45,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 98,47 Gb Total Space | 10,75 Gb Free Space | 10,92% Space Free | Partition Type: NTFS Drive Y: | 465,76 Gb Total Space | 48,51 Gb Free Space | 10,42% Space Free | Partition Type: NTFS Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG) Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG) Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe" = C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe:*:Enabled:Microsoft® Windows Update -- (fractiousness tessellating) "C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe" = C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe:*:Enabled:Microsoft® Windows Update -- (fractiousness tessellating) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003 "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes "{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58 "EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50427B19-DC13-EBBF-C44A-42DED9C8DD54}" = muvee Reveal "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D883EE9E-CC54-48F7-ABC0-50ADB60CDE0B}" = PS3_USB_GAMEPAD "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6103-4188-8184-5707" = RapidShare Manager 2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUCooL" = CPUCooL (remove only) "Der Vokabulator II" = Der Vokabulator II "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10.324 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.16 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.3.4.920 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.1 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full) "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "MacroX" = MacroX 3.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "OpenAL" = OpenAL "Opera 11.50.1074" = Opera 11.50 "Orcs Must Die!_is1" = Orcs Must Die! "PSP Video 9" = PSP Video 9 6 "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "SmartSync Pro" = SmartSync Pro "SSC Service Utility_is1" = SSC Service Utility v4.30 "StartNow Toolbar" = StartNow Toolbar "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamViewer 6" = TeamViewer 6 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.4 "Wacom Tablet Driver" = Wacom Tablett "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "Wallpaperio iPhone 4 Maker" = Wallpaperio iPhone 4 Maker 3 "Winamp" = Winamp "Windows Password Recovery Tool Professional Demo" = Windows Password Recovery Tool Professional Demo "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 4.3.5 "WinSnap" = WinSnap ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "Vocabulary Editor" = Vocabulary Editor ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.11.2011 19:25:14 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.11.2011 19:25:14 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 22979 Error - 27.11.2011 19:25:14 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 22979 Error - 27.11.2011 19:25:15 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.11.2011 19:25:15 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 23977 Error - 27.11.2011 19:25:15 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 23977 Error - 27.11.2011 19:25:16 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.11.2011 19:25:16 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 24976 Error - 27.11.2011 19:25:16 | Computer Name = Marvin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 24976 Error - 28.11.2011 08:49:07 | Computer Name = Marvin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 29.05.2010 13:02:53 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 19:02:53 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 30.05.2010 13:22:47 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 19:22:47 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 31.05.2010 20:22:13 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 02:22:13 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 02.06.2010 07:01:00 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 13:01:00 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 03.06.2010 16:05:33 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 22:05:33 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 04.06.2010 13:22:35 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 19:22:35 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 05.06.2010 14:49:31 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 20:49:31 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 06.06.2010 14:41:41 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 20:41:41 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 08.06.2010 16:26:40 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 22:26:40 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 08.06.2010 23:36:51 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 05:36:51 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ OSession Events ] Error - 04.08.2011 16:24:30 | Computer Name = Marvin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 84 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 28.11.2011 08:05:29 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:05:36 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:05:36 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:05:36 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:05:39 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:05:41 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:07:05 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:07:24 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 08:07:25 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2011 09:08:37 | Computer Name = Marvin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. [ TuneUp Events ] Error - 25.02.2011 15:31:15 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 25.02.2011 15:31:15 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 25.02.2011 15:31:15 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12.04.2011 11:49:11 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12.04.2011 11:49:11 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 13.05.2011 13:13:04 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 13.05.2011 13:13:04 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 13.05.2011 13:13:04 | Computer Name = Marvin-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > Ich habe zusätzlichen Scan mit Antivir durchgeführt: welcher folgendes Erbegnis brachte. Antivir - Logfile: Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 28. November 2011 14:09 Es wird nach 3479111 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MARVIN-PC Versionsinformationen: BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 30.06.2011 21:06:45 AVSCAN.DLL : 10.0.5.0 57192 Bytes 30.06.2011 21:06:45 LUKE.DLL : 10.3.0.5 45416 Bytes 30.06.2011 21:06:45 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 30.06.2011 21:06:45 AVREG.DLL : 10.3.0.9 88833 Bytes 12.07.2011 10:05:53 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 20:13:55 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 19:58:18 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 16:38:01 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 21:07:48 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 21:24:41 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 18:45:46 VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:39:19 VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 15:21:45 VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 15:21:45 VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 15:21:46 VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 15:21:55 VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 15:21:55 VBASE013.VDF : 7.11.18.37 2048 Bytes 24.11.2011 15:21:55 VBASE014.VDF : 7.11.18.38 2048 Bytes 24.11.2011 15:21:55 VBASE015.VDF : 7.11.18.39 2048 Bytes 24.11.2011 15:21:55 VBASE016.VDF : 7.11.18.40 2048 Bytes 24.11.2011 15:21:55 VBASE017.VDF : 7.11.18.41 2048 Bytes 24.11.2011 15:21:55 VBASE018.VDF : 7.11.18.42 2048 Bytes 24.11.2011 15:21:55 VBASE019.VDF : 7.11.18.43 2048 Bytes 24.11.2011 15:21:55 VBASE020.VDF : 7.11.18.44 2048 Bytes 24.11.2011 15:21:57 VBASE021.VDF : 7.11.18.45 2048 Bytes 24.11.2011 15:21:57 VBASE022.VDF : 7.11.18.46 2048 Bytes 24.11.2011 15:21:59 VBASE023.VDF : 7.11.18.47 2048 Bytes 24.11.2011 15:21:59 VBASE024.VDF : 7.11.18.48 2048 Bytes 24.11.2011 15:21:59 VBASE025.VDF : 7.11.18.49 2048 Bytes 24.11.2011 15:22:00 VBASE026.VDF : 7.11.18.50 2048 Bytes 24.11.2011 15:22:00 VBASE027.VDF : 7.11.18.51 2048 Bytes 24.11.2011 15:22:00 VBASE028.VDF : 7.11.18.52 2048 Bytes 24.11.2011 15:22:00 VBASE029.VDF : 7.11.18.53 2048 Bytes 24.11.2011 15:22:01 VBASE030.VDF : 7.11.18.54 2048 Bytes 24.11.2011 15:22:01 VBASE031.VDF : 7.11.18.79 115200 Bytes 27.11.2011 20:10:28 Engineversion : 8.2.6.120 AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 19:41:10 AESCRIPT.DLL : 8.1.3.87 475516 Bytes 25.11.2011 15:24:04 AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 20:28:00 AESBX.DLL : 8.2.1.34 323957 Bytes 03.06.2011 16:42:36 AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 11:57:14 AEPACK.DLL : 8.2.13.4 684406 Bytes 12.11.2011 14:13:48 AEOFFICE.DLL : 8.1.2.20 201083 Bytes 18.11.2011 21:45:31 AEHEUR.DLL : 8.1.2.193 3850617 Bytes 25.11.2011 15:23:53 AEHELP.DLL : 8.1.18.0 254327 Bytes 26.10.2011 19:41:06 AEGEN.DLL : 8.1.5.14 405877 Bytes 18.11.2011 21:45:28 AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 20:27:25 AECORE.DLL : 8.1.24.0 196983 Bytes 26.10.2011 19:41:05 AEBB.DLL : 8.1.1.0 53618 Bytes 04.05.2010 11:23:45 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.3.2 44904 Bytes 30.06.2011 21:06:45 AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 21:22:29 AVARKT.DLL : 10.0.26.1 255336 Bytes 30.06.2011 21:06:45 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 30.06.2011 21:06:45 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 30.06.2011 21:06:45 RCTEXT.DLL : 10.0.64.0 98664 Bytes 30.06.2011 21:06:45 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Auszulassende Dateien.................: C:\Program Files\L2German\l2gerprotect.exe, Beginn des Suchlaufs: Montag, 28. November 2011 14:09 Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess '3982909.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'winsvc.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'AdobeARM.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'CS5ServiceManager.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'Photoshop.exe' - '166' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'steam.exe' - '142' Modul(e) wurden durchsucht Durchsuche Prozess 'wmplayer.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'AAM Updates Notifier.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'ToolbarUpdaterService.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '168' Modul(e) wurden durchsucht Durchsuche Prozess 'DDMService.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'netsession_win.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'Watchps3.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'netsession_win.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'SmartSync.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'SeagateDashboardService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'TabTip32.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '269' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Windows\System32\consrv.dll [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 Beginne mit der Desinfektion: C:\Windows\System32\consrv.dll [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ad50cfc.qua' verschoben! Ende des Suchlaufs: Montag, 28. November 2011 16:05 Benötigte Zeit: 1:51:55 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 36675 Verzeichnisse wurden überprüft 620839 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 620838 Dateien ohne Befall 2831 Archive wurden durchsucht 0 Warnungen 1 Hinweise 654894 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8256 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 28.11.2011 17:47:15 mbam-log-2011-11-28 (17-47-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 366536 Laufzeit: 39 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 3 Infizierte Speicherprozesse: c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3612 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{887M5QYO-7040-0044-5TH7-EQ1812K54DC6} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{887M5QYO-7040-0044-5TH7-EQ1812K54DC6} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updatet (Backdoor.HMCPol.Gen) -> Value: updatet -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updatet (Backdoor.HMCPol.Gen) -> Value: updatet -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\Marvin\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\Marvin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\O2SCST9T\f[1].exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\System32\install\updatet.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully. |
28.11.2011, 19:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus JPG.SRC geöffnet Führ bitte auch ESET aus, danach sehen wir weiter:
__________________ESET Online Scanner
__________________ |
29.11.2011, 14:51 | #3 |
| Facebook Virus JPG.SRC geöffnet Hier wie gewünscht der Eset Scan
__________________Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f367c4a97bdbaa4b887b640e8aa5af98 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-28 07:57:53 # local_time=2011-11-28 08:57:53 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1797 16775165 100 94 10509 59043138 11629 0 # compatibility_mode=5893 16776574 66 94 24160 74911953 0 0 # compatibility_mode=8192 67108863 100 0 3763 3763 0 0 # scanned=212780 # found=5 # cleaned=0 # scan_time=3991 C:\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Users\Marvin\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I Win32/HackKMS.C application (unable to clean) 00000000000000000000000000000000 I to clean) 00000000000000000000000000000000 I |
29.11.2011, 15:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus JPG.SRC geöffnet Ich hab den Eindruck du hast da irgendwas am Log verändert. Zu den letzten zwei Funden nach C:\Users\Marvin\Downloads\Unlocker1.9.1.exe fehlen mir die Dateinamen.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Facebook Virus JPG.SRC geöffnet |
64-bit, adblock, alternate, antivir, autorun, backdoor.hmcpol.gen, bho, browser, c:\windows\system32\rundll32.exe, converter, cpu-z, desktop, einschränkungen, error, firefox, flash player, helper, install.exe, langs, libusb0.sys, mbamservice.exe, microsoft office word, nt.dll, office 2007, plug-in, registry, richtlinie, rundll, sched.exe, security, security update, senden, server, shell32.dll, shortcut, software, svchost.exe, system, tablet, trojan.agent.ge, trojaner, trojaner board, updates, usb, version=1.0, verweise, virus, vista, webcheck, windows |