|
Log-Analyse und Auswertung: System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.12.2011, 16:42 | #1 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, seit gestern abend habe ich massive Probleme mit meinem PC. Zuerst öffnete sich immer ein Fenster (System Fix) von dem mir vorgegaugelt wurde, dass meine RAM / HDD kaputt wäre. Dann erschien andauernd eine FEhlermeldung. "Windows detected a Hard Disk Fail" das Problem mit dem System Fix habe ich durch die rkill.exe in den Griff bekommen. Momentan ist es so, dass meine Dateien die ich auf den Partitionen D:/ und E:/ habe nicht sichtbar sind. (aber wohl noch vorhanden) Eine Systemwiederherstellung habe ich bereits durchgeführt, Stand vorgestern morgen. Leider fehlen auf dem Desktop noch einige Dateien. Ich hoffe ich mache beim Log posten alles richtig. Hier die Log vom Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:23 on 07/12/2011 (****) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Ich bin mir unsicher wie ich weiter vorgehen soll, deswegen warte ich eure Ratschläge ab. Vielen Dank im Voraus. Edit: Soeben finde ich die Datei "Privacy Protection auf meinem Desktop. Edit 2: Der Inhalt meiner Externen Festplatte wird auch nicht mehr richtig erkannt. Kann es sein, dass dieser gelöscht wurde? Mfg C0bra Geändert von c0bra (07.12.2011 um 16:54 Uhr) |
08.12.2011, 06:12 | #2 | |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwundenMein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Downloade bitte Grinler's unhide.exe auf deinem Desktop Starte das Tool mit Doppelklick. Wenn es seine Arbeit getan hat, wir eine Nachricht mit Done aufpoppen Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste in deiner nächsten Antwort Combofix.txt
__________________ |
08.12.2011, 06:44 | #3 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, danke für deine Antwort. Werde die Scans morgen Mittag durch führen. Eine frage noch kann es sein das die Dateien geloescht wurden? Meine Festplatten werden als leer angezeigt, sind aber nicht leer. Auf meiner externen Festplatte wird auch kein Inhalt mehr angezeigt.
__________________Vielen dank vorab. Gruß |
08.12.2011, 06:49 | #4 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Nein, die sind nicht gelöscht
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
09.12.2011, 13:46 | #5 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, die unhide.exe habe ich gerade drüberlaufen lassen, hat alles soweit funktioniert, Dateien sind wieder sichtbar! Danke. Hier der Inhalt der Combofix.txt: Code:
ATTFilter ComboFix 11-12-09.02 - * 09.12.2011 13:33:25.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2241 [GMT 1:00] ausgeführt von:: c:\users\*\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\pplCsv.txt c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempCsv.txt c:\windows\assembly\tmp\U c:\windows\XSxS . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-09 bis 2011-12-09 )))))))))))))))))))))))))))))) . . 2011-12-09 12:36 . 2011-12-09 12:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-09 12:36 . 2011-12-09 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-07 16:49 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 15:57 . 2011-12-07 15:57 -------- d-----w- c:\program files (x86)\MOBackup 2011-12-07 15:38 . 2011-12-07 15:38 -------- d-----w- c:\program files (x86)\7-Zip 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\programdata\Malwarebytes 2011-12-06 20:54 . 2011-12-07 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 19:50 . 2011-12-06 19:50 -------- d-sh--w- c:\users\*\AppData\Local\b3f9e0dc 2011-12-03 06:49 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4869E080-4C82-4F12-86E2-5C6BCDAC7691}\mpengine.dll 2011-11-29 16:33 . 2011-12-07 05:22 -------- d-----w- c:\program files (x86)\Xiph.Org 2011-11-29 16:33 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\TVersity Codec Pack 2011-11-29 16:33 . 2011-12-07 05:23 -------- d-----w- c:\programdata\TVersity 2011-11-29 16:30 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\FLV Player 2011-11-25 22:10 . 2011-12-07 05:25 -------- d-----w- c:\users\*\AppData\Local\SWTOR 2011-11-25 17:43 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2011-11-16 19:25 . 2011-11-16 19:25 -------- d-----w- c:\programdata\Deutsche Post AG 2011-11-16 19:25 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Deutsche Post AG 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iPod 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iTunes 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\iTunes 2011-11-13 16:45 . 2011-11-13 16:45 -------- d-----w- c:\users\*\dwhelper 2011-11-13 09:39 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Google 2011-11-13 09:39 . 2011-11-13 09:39 -------- d-----w- c:\users\*\AppData\Local\Google 2011-11-09 16:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 16:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 16:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 16:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 12:39 . 2010-12-21 19:05 25640 ----a-w- c:\windows\gdrv.sys 2011-12-09 04:41 . 2011-11-03 20:57 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-27 08:26 . 2011-07-18 18:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-19 15:56 . 2011-11-03 20:57 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-19 15:56 . 2011-11-03 20:57 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-15 08:53 . 2011-10-27 08:19 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-10-27 08:19 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-27 08:19 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-10-27 08:19 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-27 08:19 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-10-27 08:19 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-10-02 07:46 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-10-02 07:46 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-07-18 18:31 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-01-20 17:26 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-20 17:26 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-01-20 17:26 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-01-20 17:26 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-20 17:26 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-20 17:25 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2010-12-21 19:17 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2010-12-21 19:17 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2010-06-13 23:04 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-10-04 14:16 . 2011-10-02 07:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-10-04 14:16 . 2011-10-02 07:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-10-04 14:16 . 2011-10-02 07:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-02 07:22 . 2011-10-02 07:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-09-13 05:41 . 2011-07-18 18:18 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2011-09-11 17:11 . 2011-09-11 17:11 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-16 127040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ desktop(1367).ini [2009-7-14 174] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-21 30528] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224] S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI1907.tmp [2011-08-21 102400] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328] S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256] S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256] S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR . Inhalt des "geplante Tasks" Ordners . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.westernunion.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: browser.startup.page - 1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{71504FB8-F84D-4B63-A97F-D6D5F0F0F410} - msiexec AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler] "ImagePath"="\"c:\windows\Installer\MSI1907.tmp\" -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3383181111-2517840964-2427397164-1000\Software\SecuROM\License information*] "datasecu"=hex:68,04,fd,21,38,d2,74,a9,76,c1,ed,b8,53,75,49,d6,03,ad,48,c2,ce, e8,ba,45,de,e1,b9,ea,6d,da,6e,13,f6,46,f6,50,e0,60,90,05,86,82,e3,2b,0e,4d,\ "rkeysecu"=hex:89,40,5a,01,1a,d2,14,bb,72,7b,46,e3,ff,01,67,a4 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-09 13:44:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-09 12:44 . Vor Suchlauf: 15 Verzeichnis(se), 400.884.482.048 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 403.583.905.792 Bytes frei . - - End Of File - - 9AB0F249F157F376E65A23ADBC80A16E Mfg |
09.12.2011, 14:32 | #6 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Freut mich zu hören Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"=- Reboot:: Wichtig:
Update bitte Malwarebytes und lass einen Quick Scan laufen. Poste das Logfile hier. ESET Online Scanner
Note: Schreibe dir bitte eventuelle Funde manuell auf. Manchmal hat ESET Probleme damit, diese ins Log zu schreiben. Bitte poste in deiner nächsten Antwort Combofix.txt MBAM LOg log.txt Eventuell vorhandene Probleme
__________________ --> System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden |
10.12.2011, 01:17 | #7 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, hier die combofix.txt: Code:
ATTFilter ComboFix 11-12-09.02 - * 09.12.2011 16:46:06.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2209 [GMT 1:00] ausgeführt von:: c:\users\*\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\*\Desktop\CFScript.txt AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-09 bis 2011-12-09 )))))))))))))))))))))))))))))) . . 2011-12-09 15:49 . 2011-12-09 15:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-09 15:49 . 2011-12-09 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-07 16:49 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 15:57 . 2011-12-09 15:50 -------- d-----w- c:\program files (x86)\MOBackup 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\programdata\Malwarebytes 2011-12-06 20:54 . 2011-12-07 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 19:50 . 2011-12-06 19:50 -------- d-sh--w- c:\users\*\AppData\Local\b3f9e0dc 2011-12-03 06:49 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4869E080-4C82-4F12-86E2-5C6BCDAC7691}\mpengine.dll 2011-11-29 16:33 . 2011-12-07 05:22 -------- d-----w- c:\program files (x86)\Xiph.Org 2011-11-29 16:33 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\TVersity Codec Pack 2011-11-29 16:33 . 2011-12-07 05:23 -------- d-----w- c:\programdata\TVersity 2011-11-29 16:30 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\FLV Player 2011-11-25 22:10 . 2011-12-07 05:25 -------- d-----w- c:\users\*\AppData\Local\SWTOR 2011-11-25 17:43 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2011-11-16 19:25 . 2011-11-16 19:25 -------- d-----w- c:\programdata\Deutsche Post AG 2011-11-16 19:25 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Deutsche Post AG 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iPod 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iTunes 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\iTunes 2011-11-13 16:45 . 2011-11-13 16:45 -------- d-----w- c:\users\*\dwhelper 2011-11-13 09:39 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Google 2011-11-13 09:39 . 2011-11-13 09:39 -------- d-----w- c:\users\*\AppData\Local\Google 2011-11-09 16:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 16:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 16:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 16:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 15:50 . 2010-12-21 19:05 25640 ----a-w- c:\windows\gdrv.sys 2011-12-09 04:41 . 2011-11-03 20:57 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-27 08:26 . 2011-07-18 18:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-19 15:56 . 2011-11-03 20:57 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-19 15:56 . 2011-11-03 20:57 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-15 08:53 . 2011-10-27 08:19 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-10-27 08:19 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-27 08:19 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-10-27 08:19 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-27 08:19 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-10-27 08:19 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-10-02 07:46 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-10-02 07:46 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-07-18 18:31 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-01-20 17:26 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-20 17:26 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-01-20 17:26 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-01-20 17:26 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-20 17:26 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-20 17:25 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2010-12-21 19:17 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2010-12-21 19:17 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2010-06-13 23:04 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-10-04 14:16 . 2011-10-02 07:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-10-04 14:16 . 2011-10-02 07:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-10-04 14:16 . 2011-10-02 07:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-02 07:22 . 2011-10-02 07:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-09-13 05:41 . 2011-07-18 18:18 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2011-09-11 17:11 . 2011-09-11 17:11 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-09_12.40.08 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 05:10 . 2011-12-07 05:37 30862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-12-09 12:42 30862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-22 19:32 . 2011-12-09 12:42 10972 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3383181111-2517840964-2427397164-1000_UserData.bin + 2010-12-21 18:55 . 2011-12-09 13:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-21 18:55 . 2011-12-09 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-21 18:55 . 2011-12-09 13:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-21 18:55 . 2011-12-09 05:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-12-09 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-12-09 13:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-12-09 12:39 . 2011-12-09 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-12-09 15:50 . 2011-12-09 15:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-12-09 12:38 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-12-09 15:49 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-12-23 17:04 . 2011-12-09 15:49 61397344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3383181111-2517840964-2427397164-1000-12288.dat - 2010-12-23 17:04 . 2011-12-09 12:38 61397344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3383181111-2517840964-2427397164-1000-12288.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-16 127040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ desktop(1367).ini [2009-7-14 174] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-21 30528] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224] S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI1907.tmp [2011-08-21 102400] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328] S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256] S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256] S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.westernunion.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: browser.startup.page - 1 . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler] "ImagePath"="\"c:\windows\Installer\MSI1907.tmp\" -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3383181111-2517840964-2427397164-1000\Software\SecuROM\License information*] "datasecu"=hex:68,04,fd,21,38,d2,74,a9,76,c1,ed,b8,53,75,49,d6,03,ad,48,c2,ce, e8,ba,45,de,e1,b9,ea,6d,da,6e,13,f6,46,f6,50,e0,60,90,05,86,82,e3,2b,0e,4d,\ "rkeysecu"=hex:89,40,5a,01,1a,d2,14,bb,72,7b,46,e3,ff,01,67,a4 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-09 16:54:15 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-09 15:54 ComboFix2.txt 2011-12-09 12:44 . Vor Suchlauf: 17 Verzeichnis(se), 403.160.039.424 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 403.935.932.416 Bytes frei . - - End Of File - - E316AFBE743B807EA2E503C0D516828E Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8328 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 09.12.2011 17:00:03 mbam-log-2011-12-09 (17-00-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 192736 Laufzeit: 2 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=25792b890381bf4e83e52aa3a9fd0b73 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-09 07:32:18 # local_time=2011-12-09 08:32:18 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 214969 214969 0 0 # compatibility_mode=5893 16776574 66 94 179409 75076446 0 0 # compatibility_mode=8192 67108863 100 0 3808 3808 0 0 # scanned=479765 # found=18 # cleaned=0 # scan_time=12542 C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4e379de6-2b7f32a5 Win32/TrojanDownloader.Small.PIP trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-3ab2d0eb a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-5b292d0f a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\0.20868835424884957fdrgs.exe a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\0.3876533187939294golda.exe a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\1D1B.tmp a variant of Win32/Kryptik.WWF trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\307D.tmp a variant of Win32/Kryptik.WWF trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\HRXCTMGS JS/TrojanDownloader.Iframe.NKF trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\ICReinstall\cnet_fences_public_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4e379de6-2b7f32a5 Win32/TrojanDownloader.Small.PIP trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-3ab2d0eb a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-5b292d0f a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\Stuff\111209_Eigene_Dateien\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\sessionstore.js HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\WD SmartWare.swstor\*-PC\Volume.1fa2068e.0d33.11e0.93ce.806e6f6e6963\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4e379de6-2b7f32a5 Win32/TrojanDownloader.Small.PIP trojan (unable to clean) 00000000000000000000000000000000 I G:\WD SmartWare.swstor\*-PC\Volume.1fa2068e.0d33.11e0.93ce.806e6f6e6963\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-3ab2d0eb a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I G:\WD SmartWare.swstor\*-PC\Volume.1fa2068e.0d33.11e0.93ce.806e6f6e6963\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\433f6b3a-5b292d0f a variant of Win32/Kryptik.WUS trojan (unable to clean) 00000000000000000000000000000000 I Danke schonmal für deine weitere Hilfe. Grüße Geändert von c0bra (10.12.2011 um 01:27 Uhr) |
10.12.2011, 16:41 | #8 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter ClearJavaCache:: G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\0.20868835424884957fdrgs.exe G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\0.3876533187939294golda.exe G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\1D1B.tmp G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\307D.tmp G:\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\HRXCTMGS G:\Stuff\111209_Eigene_Dateien\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\sessionstore.js Reboot:: Wichtig:
Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort Combofix.txt OTL.txt Extras.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.12.2011, 17:21 | #9 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, danke für deine Hilfe. Wird der PC wieder heile, ohne Format c:/? Weiter gehts: Combofix: Code:
ATTFilter ComboFix 11-12-10.01 - * 10.12.2011 16:57:00.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2310 [GMT 1:00] ausgeführt von:: c:\users\*\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\*\Desktop\CFScript.txt AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-10 bis 2011-12-10 )))))))))))))))))))))))))))))) . . 2011-12-10 16:00 . 2011-12-10 16:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-10 16:00 . 2011-12-10 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-10 08:12 . 2011-12-10 08:13 -------- d-----w- c:\users\*\Ausbildereignungsprüfung 2011-12-09 15:59 . 2011-12-09 15:59 -------- d-----w- c:\program files (x86)\ESET 2011-12-07 16:49 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-07 15:57 . 2011-12-09 15:50 -------- d-----w- c:\program files (x86)\MOBackup 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2011-12-06 20:54 . 2011-12-06 20:54 -------- d-----w- c:\programdata\Malwarebytes 2011-12-06 20:54 . 2011-12-07 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 19:50 . 2011-12-06 19:50 -------- d-sh--w- c:\users\*\AppData\Local\b3f9e0dc 2011-12-03 06:49 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4869E080-4C82-4F12-86E2-5C6BCDAC7691}\mpengine.dll 2011-11-29 16:33 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\TVersity Codec Pack 2011-11-29 16:33 . 2011-12-07 05:23 -------- d-----w- c:\programdata\TVersity 2011-11-29 16:30 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\FLV Player 2011-11-25 17:43 . 2011-12-10 07:37 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2011-11-16 19:25 . 2011-11-16 19:25 -------- d-----w- c:\programdata\Deutsche Post AG 2011-11-16 19:25 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Deutsche Post AG 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iPod 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files\iTunes 2011-11-15 04:18 . 2011-12-07 05:32 -------- d-----w- c:\program files (x86)\iTunes 2011-11-13 16:45 . 2011-11-13 16:45 -------- d-----w- c:\users\*\dwhelper 2011-11-13 09:39 . 2011-12-07 05:21 -------- d-----w- c:\program files (x86)\Google 2011-11-13 09:39 . 2011-11-13 09:39 -------- d-----w- c:\users\*\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 16:03 . 2010-12-21 19:05 25640 ----a-w- c:\windows\gdrv.sys 2011-12-09 04:41 . 2011-11-03 20:57 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-27 08:26 . 2011-07-18 18:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-19 15:56 . 2011-11-03 20:57 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-19 15:56 . 2011-11-03 20:57 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-15 08:53 . 2011-10-27 08:19 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-10-27 08:19 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-27 08:19 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-27 08:19 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-27 08:19 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-10-27 08:19 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-27 08:19 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-27 08:19 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-27 08:19 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-27 08:19 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-10-27 08:19 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-10-02 07:46 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-10-02 07:46 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-07-18 18:31 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-01-20 17:26 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-20 17:26 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-01-20 17:26 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-01-20 17:26 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-20 17:26 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-20 17:25 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2010-12-21 19:17 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2010-12-21 19:17 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2010-06-13 23:04 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-10-04 14:16 . 2011-10-02 07:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-10-04 14:16 . 2011-10-02 07:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-09-29 16:29 . 2011-11-09 16:00 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-09-29 04:03 . 2011-11-09 16:00 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-09-13 05:41 . 2011-07-18 18:18 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2011-09-11 17:11 . 2011-09-11 17:11 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-09_12.40.08 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-12-09 04:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-12-10 08:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-12-09 04:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-12-10 08:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-12-10 08:38 . 2011-12-10 08:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121020111211\index.dat - 2009-07-14 04:54 . 2011-12-09 04:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-12-10 08:38 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-22 19:32 . 2011-12-09 15:52 45384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-12-10 15:05 30862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-12-07 05:37 30862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-22 19:32 . 2011-12-10 15:05 11178 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3383181111-2517840964-2427397164-1000_UserData.bin + 2010-12-21 18:55 . 2011-12-09 13:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-21 18:55 . 2011-12-09 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-21 18:55 . 2011-12-09 05:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-12-21 18:55 . 2011-12-09 13:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-12-09 13:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-12-09 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-23 19:05 . 2011-12-10 08:31 3494 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2010-12-23 19:05 . 2011-12-06 19:59 3494 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2011-12-09 12:39 . 2011-12-09 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-10 16:03 . 2011-12-10 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-10 16:03 . 2011-12-10 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-12-09 12:39 . 2011-12-09 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-03-06 09:45 . 2011-12-10 08:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-03-06 09:45 . 2011-12-09 04:46 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 02:36 . 2011-12-09 04:55 618846 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-12-10 08:10 618846 c:\windows\system32\perfh009.dat + 2009-07-14 17:58 . 2011-12-10 08:10 657570 c:\windows\system32\perfh007.dat - 2009-07-14 17:58 . 2011-12-09 04:55 657570 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2011-12-09 04:55 107166 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-12-10 08:10 107166 c:\windows\system32\perfc009.dat + 2009-07-14 17:58 . 2011-12-10 08:10 130942 c:\windows\system32\perfc007.dat - 2009-07-14 17:58 . 2011-12-09 04:55 130942 c:\windows\system32\perfc007.dat + 2009-07-14 05:01 . 2011-12-10 16:01 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-12-09 12:38 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-12-23 17:04 . 2011-12-10 16:01 61426708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3383181111-2517840964-2427397164-1000-12288.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-16 127040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe" [2011-08-31 449608] . c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ desktop(1367).ini [2009-7-14 174] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-21 30528] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224] S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI1907.tmp [2011-08-21 102400] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328] S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256] S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256] S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . 2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 09:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-06-22 03:02 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.westernunion.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxp://www.westernunion.de/ FF - user.js: browser.startup.page - 1 . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler] "ImagePath"="\"c:\windows\Installer\MSI1907.tmp\" -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3383181111-2517840964-2427397164-1000\Software\SecuROM\License information*] "datasecu"=hex:68,04,fd,21,38,d2,74,a9,76,c1,ed,b8,53,75,49,d6,03,ad,48,c2,ce, e8,ba,45,de,e1,b9,ea,6d,da,6e,13,f6,46,f6,50,e0,60,90,05,86,82,e3,2b,0e,4d,\ "rkeysecu"=hex:89,40,5a,01,1a,d2,14,bb,72,7b,46,e3,ff,01,67,a4 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-10 17:07:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-10 16:07 ComboFix2.txt 2011-12-09 15:54 ComboFix3.txt 2011-12-09 12:44 . Vor Suchlauf: 17 Verzeichnis(se), 408.682.098.688 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 409.135.144.960 Bytes frei . - - End Of File - - 4AD52BC85A6FF7AEF7DBD8FA4B4CFB49 Code:
ATTFilter OTL logfile created on: 10.12.2011 17:10:49 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,41% Memory free 7,98 Gb Paging File | 5,85 Gb Available in Paging File | 73,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,10 Gb Total Space | 381,13 Gb Free Space | 81,07% Space Free | Partition Type: NTFS Drive E: | 363,66 Gb Total Space | 354,34 Gb Free Space | 97,44% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 95,52 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 1796,06 Gb Free Space | 96,41% Space Free | Partition Type: NTFS Computer Name: *-PC | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital ) SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital ) SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (WDC) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation) SRV - (HyperDeskCustomThemeEnabler) -- C:\Windows\Installer\MSI1907.tmp () SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (KovaPlusFltr) -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys (ROCCAT Development, Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RT61) -- C:\Windows\SysNative\drivers\rt61.sys (Ralink Technology, Corp.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 76 EF CD 87 87 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0 FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll File not found FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.07 06:32:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.07 06:32:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.12.07 06:32:19 | 000,000,000 | ---D | M] [2010.12.23 16:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2011.12.07 16:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions [2011.12.07 16:17:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.12.07 06:32:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.07 06:32:39 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\2020Player@2020Technologies.com [2011.09.13 07:13:47 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\firejump@firejump.net [2011.01.08 19:09:34 | 000,002,059 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\searchplugins\daemon-search.xml [2011.11.08 19:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6JQ2AQI7.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI [2011.11.08 19:34:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2007.09.23 23:41:20 | 000,404,992 | ---- | M] (PLATINUM technology, inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npcosmop211.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.14 06:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.14 06:32:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.14 06:32:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.14 06:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.14 06:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.14 06:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.10 17:03:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8597158F-9D4D-49F8-B36C-B11B5BA642EA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.10 16:52:26 | 004,331,207 | ---- | C] (Swearware) -- C:\Users\*\Desktop\ComboFix(1).exe [2011.12.10 16:51:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.12.10 16:48:18 | 004,334,705 | R--- | C] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe [2011.12.10 16:16:44 | 016,056,112 | ---- | C] (ICQ) -- C:\Users\*\Desktop\install_icq7.exe [2011.12.10 09:12:00 | 000,000,000 | ---D | C] -- C:\Users\*\Ausbildereignungsprüfung [2011.12.09 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.09 13:31:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.09 13:31:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.09 13:31:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.09 13:30:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.09 13:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.07 17:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.07 17:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1 [2011.12.07 17:49:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.07 16:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOBackup [2011.12.06 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2011.12.06 21:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.06 21:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.06 20:50:34 | 000,000,000 | -HSD | C] -- C:\Users\*\AppData\Local\b3f9e0dc [2011.11.30 05:16:58 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\ge [2011.11.29 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\*\Application Data [2011.11.29 17:33:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server [2011.11.29 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack [2011.11.29 17:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack [2011.11.29 17:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity [2011.11.29 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2011.11.27 18:54:34 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\German_TOP100_Single_Charts_28_11_2011-MCG [2011.11.27 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\VA_-_Future_Trance_Vol._58-2CD-2011-DJ [2011.11.27 14:56:40 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\111126_Bilder_Wohnunh [2011.11.25 18:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2011.11.16 20:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG [2011.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Deutsche Post AG [2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Post AG [2011.11.15 05:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.15 05:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.15 05:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.15 05:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.11.13 17:45:24 | 000,000,000 | ---D | C] -- C:\Users\*\dwhelper [2011.11.13 10:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.13 10:39:33 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Google [2011.11.13 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google ========== Files - Modified Within 30 Days ========== [2011.12.10 17:12:51 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 17:12:51 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 17:03:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.10 17:03:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.10 17:03:05 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2011.12.10 17:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.10 17:02:32 | 3214,483,456 | -HS- | M] () -- C:\hiberfil.sys [2011.12.10 16:53:14 | 004,334,705 | R--- | M] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe [2011.12.10 16:52:33 | 004,331,207 | ---- | M] (Swearware) -- C:\Users\*\Desktop\ComboFix(1).exe [2011.12.10 16:52:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.12.10 16:44:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.10 16:16:59 | 016,056,112 | ---- | M] (ICQ) -- C:\Users\*\Desktop\install_icq7.exe [2011.12.10 09:10:33 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.10 09:10:33 | 000,657,570 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.10 09:10:33 | 000,618,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.10 09:10:33 | 000,130,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.10 09:10:33 | 000,107,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.10 08:10:08 | 001,536,100 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay2_.pdf [2011.12.10 07:55:00 | 004,019,742 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay.pdf [2011.12.10 07:44:06 | 000,016,026 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay_2.Rechnung.pdf [2011.12.09 17:54:15 | 000,001,023 | ---- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.09 05:41:55 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.07 16:17:25 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable [2011.12.06 21:02:46 | 000,000,288 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Q [2011.12.06 21:02:46 | 000,000,200 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Qr [2011.12.06 20:57:26 | 000,000,448 | ---- | M] () -- C:\ProgramData\16XWgnoy1VoO0Q [2011.12.05 09:56:56 | 005,015,374 | ---- | M] () -- C:\Users\*\Desktop\11-kool_savas_-_aura.mp3 [2011.12.05 09:56:43 | 006,488,321 | ---- | M] () -- C:\Users\*\Desktop\16-rihanna_feat._calvin_harris_-_we_found_love.mp3 [2011.12.05 09:56:16 | 006,223,330 | ---- | M] () -- C:\Users\*\Desktop\04-david_guetta_feat._usher_-_without_you.mp3 [2011.12.01 23:09:03 | 007,078,826 | ---- | M] () -- C:\Users\*\Desktop\01-pink--bridge_of_light_(feat._happy_feet_two_chorus)-oma.mp3 [2011.11.30 20:43:27 | 000,014,403 | ---- | M] () -- C:\Users\*\Desktop\form_businessVetting.pdf [2011.11.28 18:54:52 | 000,041,533 | -HS- | M] () -- C:\Users\*\Desktop\Folder.jpg [2011.11.28 18:54:52 | 000,008,926 | -HS- | M] () -- C:\Users\*\Desktop\AlbumArtSmall.jpg [2011.11.20 20:50:51 | 000,369,502 | ---- | M] () -- C:\Users\*\Desktop\S-MPSG-1549.zip [2011.11.20 15:16:01 | 000,848,724 | ---- | M] () -- C:\Users\*\Desktop\Ausweis_hinten_0001.jpg [2011.11.20 15:12:54 | 000,403,279 | ---- | M] () -- C:\Users\*\111120_KVV-Ausweis.pdf [2011.11.18 17:47:36 | 000,000,285 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.16 17:49:45 | 002,042,815 | ---- | M] () -- C:\Users\*\Desktop\0266600001307639742.pdf [2011.11.14 21:27:58 | 000,005,280 | ---- | M] () -- C:\Users\*\Desktop\timwolla.wcf.annoy_1.0.0.tar.gz ========== Files Created - No Company Name ========== [2011.12.10 08:10:08 | 001,536,100 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay2_.pdf [2011.12.10 07:54:59 | 004,019,742 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay.pdf [2011.12.10 07:44:06 | 000,016,026 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay_2.Rechnung.pdf [2011.12.09 17:54:15 | 000,001,023 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.09 13:31:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.09 13:31:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.09 13:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.09 13:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.09 13:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.07 16:17:25 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable [2011.12.06 20:56:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~16XWgnoy1VoO0Q [2011.12.06 20:56:14 | 000,000,200 | ---- | C] () -- C:\ProgramData\~16XWgnoy1VoO0Qr [2011.12.06 20:56:09 | 000,000,448 | ---- | C] () -- C:\ProgramData\16XWgnoy1VoO0Q [2011.12.06 17:32:33 | 006,223,330 | ---- | C] () -- C:\Users\*\Desktop\04-david_guetta_feat._usher_-_without_you.mp3 [2011.12.06 17:32:25 | 006,488,321 | ---- | C] () -- C:\Users\*\Desktop\16-rihanna_feat._calvin_harris_-_we_found_love.mp3 [2011.12.06 17:32:21 | 005,015,374 | ---- | C] () -- C:\Users\*\Desktop\11-kool_savas_-_aura.mp3 [2011.12.04 16:37:46 | 007,078,826 | ---- | C] () -- C:\Users\*\Desktop\01-pink--bridge_of_light_(feat._happy_feet_two_chorus)-oma.mp3 [2011.11.30 20:43:26 | 000,014,403 | ---- | C] () -- C:\Users\*\Desktop\form_businessVetting.pdf [2011.11.20 20:50:50 | 000,369,502 | ---- | C] () -- C:\Users\*\Desktop\S-MPSG-1549.zip [2011.11.20 15:16:33 | 000,848,724 | ---- | C] () -- C:\Users\*\Desktop\Ausweis_hinten_0001.jpg [2011.11.20 15:12:54 | 000,403,279 | ---- | C] () -- C:\Users\*\111120_KVV-Ausweis.pdf [2011.11.16 20:25:47 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.16 17:49:45 | 002,042,815 | ---- | C] () -- C:\Users\*\Desktop\0266600001307639742.pdf [2011.11.14 21:27:57 | 000,005,280 | ---- | C] () -- C:\Users\*\Desktop\timwolla.wcf.annoy_1.0.0.tar.gz [2011.11.13 10:39:41 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.13 10:39:39 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.07 21:21:01 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.31 17:46:23 | 000,000,017 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg [2011.07.18 20:14:27 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Local\PUTTY.RND [2011.05.29 20:03:27 | 000,004,096 | ---- | C] () -- C:\Users\*\AppData\Local\keyfile3.drm [2011.04.23 14:20:14 | 000,000,109 | ---- | C] () -- C:\Users\*\AppData\Roaming\burnaware.ini [2011.03.18 15:41:24 | 000,000,119 | ---- | C] () -- C:\Windows\telephon.ini [2011.02.08 18:56:11 | 000,139,432 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 22:07:39 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.12.23 17:10:38 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.21 20:15:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.21 20:14:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll [2010.12.21 20:05:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system(1370).ini [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007.09.23 23:41:20 | 000,779,776 | ---- | C] () -- C:\Windows\SysWow64\cp211_main.dll [2007.09.23 23:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicslarge8.dll [2007.09.23 23:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicslarge16.dll [2007.09.23 23:41:20 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\cp211_javascript.dll [2007.09.23 23:41:20 | 000,226,304 | ---- | C] () -- C:\Windows\SysWow64\cp211_msjava.dll [2007.09.23 23:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicsmed8.dll [2007.09.23 23:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicsmed16.dll [2007.09.23 23:41:20 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\cp211_vrml1to2.dll [2007.09.23 23:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicssmall8.dll [2007.09.23 23:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicssmall16.dll [2007.09.23 23:41:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\cp211_lang.dll [2007.09.23 23:41:20 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\cp211_basic.dll [2007.09.23 23:41:20 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicspos.dll [2007.09.23 23:41:20 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\vrml1tovrml2.exe < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.12.2011 17:10:49 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,41% Memory free 7,98 Gb Paging File | 5,85 Gb Available in Paging File | 73,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,10 Gb Total Space | 381,13 Gb Free Space | 81,07% Space Free | Partition Type: NTFS Drive E: | 363,66 Gb Total Space | 354,34 Gb Free Space | 97,44% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 95,52 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 1796,06 Gb Free Space | 96,41% Space Free | Partition Type: NTFS Computer Name: *-PC | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1209DE8E-19E1-45BD-BDF7-AFC53BEA2A19}" = Hyperdesk - Flagship "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}" = ROCCAT Kova[+] Mouse Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Cosmo Player 2.1.1" = Cosmo Player 2.1.1 (41451) "CosmoPlayer" = Cosmo Player 2.1.1 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FTPRush_is1" = FTPRush v1 Unicode "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Room Arranger" = Room Arranger "Steam App 240" = Counter-Strike: Source "SystemRequirementsLab" = System Requirements Lab "TrueCrypt" = TrueCrypt "TVersity Codec Pack" = TVersity Codec Pack 1.7 "TVersity Media Server" = TVersity Media Server 1.9.7 "VLC media player" = VLC media player 1.1.9 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.09.2011 00:12:35 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:12:35 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13002886 Error - 14.09.2011 00:12:35 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13002886 Error - 14.09.2011 00:12:36 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:12:36 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13003884 Error - 14.09.2011 00:12:36 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13003884 Error - 14.09.2011 00:12:37 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:12:37 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13004883 Error - 14.09.2011 00:12:37 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13004883 Error - 14.09.2011 00:12:38 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ OSession Events ] Error - 05.04.2011 12:05:43 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 373 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.08.2011 15:23:38 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.11.2011 13:40:02 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:10 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:11 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:13 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:29 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:33 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:39 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:40 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:41:09 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 08.11.2011 00:36:27 | Computer Name = *-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{8597158F-9D4D-49F8-B36C-B11B5BA642EA} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. < End of report > |
10.12.2011, 17:42 | #10 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Was ist deine Platte G: ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.12.2011, 17:45 | #11 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Meine Externe, My Book von Western Digital |
10.12.2011, 18:21 | #12 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Häng die mal an, Speichere folgende Batch Datei darauf. Nicht in einen Ordner, sondern direkt in das Hauptverzeichnis ( G: ) Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter @echo off del /a/f/g "%cd%\Stuff\111209_Eigene_Dateien\AppData\Local\Temp\*.*" del %0
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Nach dem Neustart
Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.12.2011, 18:38 | #13 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, die externe Festplatte hing schon die komplette Zeit dran. Habe die File.bat als admin ausgeführt! Java ist auch upgedatet, ältere Versionen gab es keine zum deinstallieren. Neustart ist erfolgt und die temporären Dateien wurde ebenfalls gelöscht. Hier die beiden gewünschten Dateien: OTL.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 10.12.2011 18:34:55 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,26% Memory free 7,98 Gb Paging File | 5,76 Gb Available in Paging File | 72,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,10 Gb Total Space | 380,38 Gb Free Space | 80,92% Space Free | Partition Type: NTFS Drive E: | 363,66 Gb Total Space | 354,34 Gb Free Space | 97,44% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 95,52 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 1796,12 Gb Free Space | 96,41% Space Free | Partition Type: NTFS Computer Name: *-PC | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.) PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital ) SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital ) SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (WDC) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation) SRV - (HyperDeskCustomThemeEnabler) -- C:\Windows\Installer\MSI1907.tmp () SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (KovaPlusFltr) -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys (ROCCAT Development, Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RT61) -- C:\Windows\SysNative\drivers\rt61.sys (Ralink Technology, Corp.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 76 EF CD 87 87 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0 FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll File not found FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.07 06:32:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.10 18:27:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.12.07 06:32:19 | 000,000,000 | ---D | M] [2010.12.23 16:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2011.12.07 16:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions [2011.12.07 16:17:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.12.07 06:32:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.07 06:32:39 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\2020Player@2020Technologies.com [2011.09.13 07:13:47 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6jq2aqi7.default\extensions\firejump@firejump.net [2011.01.08 19:09:34 | 000,002,059 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\6jq2aqi7.default\searchplugins\daemon-search.xml [2011.12.10 18:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.10 18:25:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6JQ2AQI7.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI [2011.11.08 19:34:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2007.09.23 23:41:20 | 000,404,992 | ---- | M] (PLATINUM technology, inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npcosmop211.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.14 06:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.14 06:32:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.14 06:32:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.14 06:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.14 06:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.14 06:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.10 17:03:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8597158F-9D4D-49F8-B36C-B11B5BA642EA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.10 18:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.10 18:25:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.12.10 18:25:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.12.10 18:25:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.12.10 18:24:09 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\*\Desktop\jxpiinstall.exe [2011.12.10 18:08:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.10 16:51:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.12.10 16:16:44 | 016,056,112 | ---- | C] (ICQ) -- C:\Users\*\Desktop\install_icq7.exe [2011.12.10 09:12:00 | 000,000,000 | ---D | C] -- C:\Users\*\Ausbildereignungsprüfung [2011.12.09 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.09 13:31:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.09 13:31:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.09 13:31:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.09 13:30:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.09 13:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.07 17:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.07 17:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1 [2011.12.07 17:49:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.07 16:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOBackup [2011.12.06 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2011.12.06 21:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.06 21:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.06 20:50:34 | 000,000,000 | -HSD | C] -- C:\Users\*\AppData\Local\b3f9e0dc [2011.11.30 05:16:58 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\ge [2011.11.29 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\*\Application Data [2011.11.29 17:33:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server [2011.11.29 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack [2011.11.29 17:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack [2011.11.29 17:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity [2011.11.29 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2011.11.27 18:54:34 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\German_TOP100_Single_Charts_28_11_2011-MCG [2011.11.27 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\VA_-_Future_Trance_Vol._58-2CD-2011-DJ [2011.11.27 14:56:40 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\111126_Bilder_Wohnunh [2011.11.25 18:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2011.11.16 20:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG [2011.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Deutsche Post AG [2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Post AG [2011.11.15 05:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.15 05:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.15 05:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.15 05:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.11.13 17:45:24 | 000,000,000 | ---D | C] -- C:\Users\*\dwhelper [2011.11.13 10:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.13 10:39:33 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Google [2011.11.13 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google ========== Files - Modified Within 30 Days ========== [2011.12.10 18:36:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 18:36:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 18:28:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.10 18:28:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2011.12.10 18:27:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.10 18:27:32 | 3214,483,456 | -HS- | M] () -- C:\hiberfil.sys [2011.12.10 18:24:10 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\*\Desktop\jxpiinstall.exe [2011.12.10 18:08:04 | 000,113,033 | ---- | M] () -- C:\Users\*\Desktop\Unbenannt.PNG [2011.12.10 17:44:07 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.10 17:03:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.10 16:52:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.12.10 16:16:59 | 016,056,112 | ---- | M] (ICQ) -- C:\Users\*\Desktop\install_icq7.exe [2011.12.10 09:10:33 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.10 09:10:33 | 000,657,570 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.10 09:10:33 | 000,618,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.10 09:10:33 | 000,130,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.10 09:10:33 | 000,107,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.10 08:10:08 | 001,536,100 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay2_.pdf [2011.12.10 07:55:00 | 004,019,742 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay.pdf [2011.12.10 07:44:06 | 000,016,026 | ---- | M] () -- C:\Users\*\Desktop\111210_Nachweise_ebay_2.Rechnung.pdf [2011.12.09 17:54:15 | 000,001,023 | ---- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.09 05:41:55 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.07 16:17:25 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable [2011.12.06 21:02:46 | 000,000,288 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Q [2011.12.06 21:02:46 | 000,000,200 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Qr [2011.12.06 20:57:26 | 000,000,448 | ---- | M] () -- C:\ProgramData\16XWgnoy1VoO0Q [2011.12.05 09:56:56 | 005,015,374 | ---- | M] () -- C:\Users\*\Desktop\11-kool_savas_-_aura.mp3 [2011.12.05 09:56:43 | 006,488,321 | ---- | M] () -- C:\Users\*\Desktop\16-rihanna_feat._calvin_harris_-_we_found_love.mp3 [2011.12.05 09:56:16 | 006,223,330 | ---- | M] () -- C:\Users\*\Desktop\04-david_guetta_feat._usher_-_without_you.mp3 [2011.12.01 23:09:03 | 007,078,826 | ---- | M] () -- C:\Users\*\Desktop\01-pink--bridge_of_light_(feat._happy_feet_two_chorus)-oma.mp3 [2011.11.30 20:43:27 | 000,014,403 | ---- | M] () -- C:\Users\*\Desktop\form_businessVetting.pdf [2011.11.28 18:54:52 | 000,041,533 | -HS- | M] () -- C:\Users\*\Desktop\Folder.jpg [2011.11.28 18:54:52 | 000,008,926 | -HS- | M] () -- C:\Users\*\Desktop\AlbumArtSmall.jpg [2011.11.20 20:50:51 | 000,369,502 | ---- | M] () -- C:\Users\*\Desktop\S-MPSG-1549.zip [2011.11.20 15:16:01 | 000,848,724 | ---- | M] () -- C:\Users\*\Desktop\Ausweis_hinten_0001.jpg [2011.11.20 15:12:54 | 000,403,279 | ---- | M] () -- C:\Users\*\111120_KVV-Ausweis.pdf [2011.11.18 17:47:36 | 000,000,285 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.16 17:49:45 | 002,042,815 | ---- | M] () -- C:\Users\*\Desktop\0266600001307639742.pdf [2011.11.14 21:27:58 | 000,005,280 | ---- | M] () -- C:\Users\*\Desktop\timwolla.wcf.annoy_1.0.0.tar.gz ========== Files Created - No Company Name ========== [2011.12.10 18:08:04 | 000,113,033 | ---- | C] () -- C:\Users\*\Desktop\Unbenannt.PNG [2011.12.10 08:10:08 | 001,536,100 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay2_.pdf [2011.12.10 07:54:59 | 004,019,742 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay.pdf [2011.12.10 07:44:06 | 000,016,026 | ---- | C] () -- C:\Users\*\Desktop\111210_Nachweise_ebay_2.Rechnung.pdf [2011.12.09 17:54:15 | 000,001,023 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.09 13:31:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.09 13:31:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.09 13:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.09 13:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.09 13:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.07 16:17:25 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable [2011.12.06 20:56:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~16XWgnoy1VoO0Q [2011.12.06 20:56:14 | 000,000,200 | ---- | C] () -- C:\ProgramData\~16XWgnoy1VoO0Qr [2011.12.06 20:56:09 | 000,000,448 | ---- | C] () -- C:\ProgramData\16XWgnoy1VoO0Q [2011.12.06 17:32:33 | 006,223,330 | ---- | C] () -- C:\Users\*\Desktop\04-david_guetta_feat._usher_-_without_you.mp3 [2011.12.06 17:32:25 | 006,488,321 | ---- | C] () -- C:\Users\*\Desktop\16-rihanna_feat._calvin_harris_-_we_found_love.mp3 [2011.12.06 17:32:21 | 005,015,374 | ---- | C] () -- C:\Users\*\Desktop\11-kool_savas_-_aura.mp3 [2011.12.04 16:37:46 | 007,078,826 | ---- | C] () -- C:\Users\*\Desktop\01-pink--bridge_of_light_(feat._happy_feet_two_chorus)-oma.mp3 [2011.11.30 20:43:26 | 000,014,403 | ---- | C] () -- C:\Users\*\Desktop\form_businessVetting.pdf [2011.11.20 20:50:50 | 000,369,502 | ---- | C] () -- C:\Users\*\Desktop\S-MPSG-1549.zip [2011.11.20 15:16:33 | 000,848,724 | ---- | C] () -- C:\Users\*\Desktop\Ausweis_hinten_0001.jpg [2011.11.20 15:12:54 | 000,403,279 | ---- | C] () -- C:\Users\*\111120_KVV-Ausweis.pdf [2011.11.16 20:25:47 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.16 17:49:45 | 002,042,815 | ---- | C] () -- C:\Users\*\Desktop\0266600001307639742.pdf [2011.11.14 21:27:57 | 000,005,280 | ---- | C] () -- C:\Users\*\Desktop\timwolla.wcf.annoy_1.0.0.tar.gz [2011.11.13 10:39:41 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.13 10:39:39 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.07 21:21:01 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.31 17:46:23 | 000,000,017 | ---- | C] () -- C:\Users\*\AppData\Local\resmon.resmoncfg [2011.07.18 20:14:27 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Local\PUTTY.RND [2011.05.29 20:03:27 | 000,004,096 | ---- | C] () -- C:\Users\*\AppData\Local\keyfile3.drm [2011.04.23 14:20:14 | 000,000,109 | ---- | C] () -- C:\Users\*\AppData\Roaming\burnaware.ini [2011.03.18 15:41:24 | 000,000,119 | ---- | C] () -- C:\Windows\telephon.ini [2011.02.08 18:56:11 | 000,139,432 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 22:07:39 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.12.23 17:10:38 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.21 20:15:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.21 20:14:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll [2010.12.21 20:05:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system(1370).ini [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007.09.23 23:41:20 | 000,779,776 | ---- | C] () -- C:\Windows\SysWow64\cp211_main.dll [2007.09.23 23:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicslarge8.dll [2007.09.23 23:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicslarge16.dll [2007.09.23 23:41:20 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\cp211_javascript.dll [2007.09.23 23:41:20 | 000,226,304 | ---- | C] () -- C:\Windows\SysWow64\cp211_msjava.dll [2007.09.23 23:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicsmed8.dll [2007.09.23 23:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicsmed16.dll [2007.09.23 23:41:20 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\cp211_vrml1to2.dll [2007.09.23 23:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicssmall8.dll [2007.09.23 23:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicssmall16.dll [2007.09.23 23:41:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\cp211_lang.dll [2007.09.23 23:41:20 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\cp211_basic.dll [2007.09.23 23:41:20 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\cp211_graphicspos.dll [2007.09.23 23:41:20 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\vrml1tovrml2.exe < End of report > Extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.12.2011 18:34:55 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,26% Memory free 7,98 Gb Paging File | 5,76 Gb Available in Paging File | 72,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470,10 Gb Total Space | 380,38 Gb Free Space | 80,92% Space Free | Partition Type: NTFS Drive E: | 363,66 Gb Total Space | 354,34 Gb Free Space | 97,44% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 95,52 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 1796,12 Gb Free Space | 96,41% Space Free | Partition Type: NTFS Computer Name: *-PC | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1209DE8E-19E1-45BD-BDF7-AFC53BEA2A19}" = Hyperdesk - Flagship "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}" = ROCCAT Kova[+] Mouse Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Cosmo Player 2.1.1" = Cosmo Player 2.1.1 (41451) "CosmoPlayer" = Cosmo Player 2.1.1 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FTPRush_is1" = FTPRush v1 Unicode "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Room Arranger" = Room Arranger "Steam App 240" = Counter-Strike: Source "SystemRequirementsLab" = System Requirements Lab "TrueCrypt" = TrueCrypt "TVersity Codec Pack" = TVersity Codec Pack 1.7 "TVersity Media Server" = TVersity Media Server 1.9.7 "VLC media player" = VLC media player 1.1.9 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.09.2011 00:12:59 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13026879 Error - 14.09.2011 00:13:00 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:13:00 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13027877 Error - 14.09.2011 00:13:00 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13027877 Error - 14.09.2011 00:13:01 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:13:01 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13028875 Error - 14.09.2011 00:13:01 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13028875 Error - 14.09.2011 00:13:02 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.09.2011 00:13:02 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13029874 Error - 14.09.2011 00:13:02 | Computer Name = *-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13029874 [ OSession Events ] Error - 05.04.2011 12:05:43 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 373 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.08.2011 15:23:38 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.11.2011 13:40:02 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:10 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:11 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:13 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:29 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy15" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:33 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:39 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:40:40 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 04.11.2011 13:41:09 | Computer Name = *-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error - 08.11.2011 00:36:27 | Computer Name = *-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{8597158F-9D4D-49F8-B36C-B11B5BA642EA} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. < End of report > Gruß |
10.12.2011, 19:26 | #14 |
/// Selecta Jahrusso | System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden
Code:
ATTFilter :otl [2011.12.06 21:02:46 | 000,000,288 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Q [2011.12.06 21:02:46 | 000,000,200 | ---- | M] () -- C:\ProgramData\~16XWgnoy1VoO0Qr [2011.12.06 20:57:26 | 000,000,448 | ---- | M] () -- C:\ProgramData\16XWgnoy1VoO0Q
Solltest du keine weiteren Probleme mehr haben, sind wir hier fertig. Bitte folge den letzten paar Schritten. Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.12.2011, 19:40 | #15 |
| System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden Hallo, der obere Teil wurde erl. Beim Combofix /Uninstall gibt es Probleme, es heißt das Programm wurde nicht gefunden. Soll ich die restlichen Schritte jetzt schon ausführen? Grüße |
Themen zu System Fix Virus Windows Hard Disk failed / Dateien auf Festplatte / Desktop verschwunden |
anhang, autostart, code, dateien, desktop, detected, failed, fehlen, fenster, festplatte, fix, griff, hard disk, kaputt, log, nicht sichtbar, platte, posten, probleme, ram, sichtbar, system, system fix virus, systemwiederherstellung, tan, verschwunden, virus, windows |