Pests of all kinds and how to fight them: "mediashifting.com" Trojan (Windows 7)
14.01.2012, 22:04 | #1 |
| "mediashifting.com" Trojan

Hello everyone!

Unfortunately, for the past few days I have had the problem that a page "mediashifting.com" keeps opening whenever I use my Firefox browser. I have read up on it via Google as well as I could - apparently it is a Trojan. In particular, I also looked at the current discussion by DanyRibi and Chris4You here in the forum. I have now tried a few things, but unfortunately the problem still exists. Specifically, I have already:

- Run a complete system check with Antivir and moved the viruses found to quarantine (detailed report below)
- Run a complete system check with Malwarebytes (log below) and then restarted
- Worked with Spybot Search and Destroy and fixed problems (unfortunately I can't show anything for that, since it has been deleted or I simply can't find it)

I will also try an OTL and MBR check shortly and post them (does that help?!?).

What also matters to me right now: may I do everything, or are online banking/shopping etc. a really bad idea...? I have also got Google Chrome as a temporary replacement (so far I haven't had the problem there) - probably a stupid question, but is the virus inactive when I'm not working with Firefox?

I would be very glad if someone could help me get rid of the virus. Many, many thanks in advance for your help and for the great service in general!!

Kind regards
Hannah

__________________________________________________

Antivir report:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 14. Januar 2012 11:54
Es wird nach 3069807 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HANNAH-PC

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 14. Januar 2012 11:54

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1453' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$R3NHUZS.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$R8YZLZ5.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$RC9355Y.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$RGA7USG.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$RNVOMMK.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$RYHB7AT.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3684009831-1757761012-2784501651-1000\$RYLYJD3.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\10[1].exe
[FUND] Ist das Trojanische Pferd TR/Gamarue.be.1
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\3[1].exe
[FUND] Ist das Trojanische Pferd TR/Drop.Sirefef.B.638
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\6[1].exe
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen5
C:\Windows\System32\consrv.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2

Beginne mit der Desinfektion:
C:\Windows\System32\consrv.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49170921.qua' verschoben!
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\6[1].exe
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen5
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51bd26ab.qua' verschoben!
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\3[1].exe
[FUND] Ist das Trojanische Pferd TR/Drop.Sirefef.B.638
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03e27c43.qua' verschoben!
C:\Users\H A N N A H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT0BO17K\10[1].exe
[FUND] Ist das Trojanische Pferd TR/Gamarue.be.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '65fb336a.qua' verschoben!

Ende des Suchlaufs: Samstag, 14. Januar 2012 16:58
Benötigte Zeit: 3:58:22 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

43747 Verzeichnisse wurden überprüft
2290955 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2290951 Dateien ohne Befall
16124 Archive wurden durchsucht
7 Warnungen
4 Hinweise
660200 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

__________________________________________________________

Malwarebytes log file:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
H A N N A H :: HANNAH-PC [Administrator]

Schutz: Aktiviert

14.01.2012 12:17:57
mbam-log-2012-01-14 (12-17-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 461952
Laufzeit: 2 Stunde(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\H A N N A H\AppData\Local\57af559d\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\Real\RealPlayer\rp11_premium.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
14.01.2012, 22:25 | #2 |
| "mediashifting.com" Trojan
OTL.txt: OTL logfile:
Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 192.168.112.2O7.net O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 toolbar.google.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe () O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Facebook Update] C:\Users\H A N N A H\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\H A N N A H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\H A N N A H\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\H A N N A H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) 
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDDED811-6FD7-4A1C-B5F0-28848848FAC6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9A70829-C824-45F6-95CA-D324524D98B0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - 
Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\H A N N A H\AppData\Local\57af559d\X) -C:\Users\H A N N A H\AppData\Local\57af559d\X () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1c5c9e6a-15d5-11e0-81b9-0050f27d8bda}\Shell - "" = AutoRun O33 - MountPoints2\{1c5c9e6a-15d5-11e0-81b9-0050f27d8bda}\Shell\AutoRun\command - "" = F:\Windows\setup.exe /autorun O33 - MountPoints2\{1c5c9e89-15d5-11e0-81b9-0050f27d8bda}\Shell - "" = AutoRun O33 - MountPoints2\{1c5c9e89-15d5-11e0-81b9-0050f27d8bda}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{38c17866-4354-11e0-9a70-00137766d465}\Shell - "" = AutoRun O33 - MountPoints2\{38c17866-4354-11e0-9a70-00137766d465}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{dcb60b4a-4352-11e0-ae72-00137766d465}\Shell - "" = AutoRun O33 - MountPoints2\{dcb60b4a-4352-11e0-ae72-00137766d465}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.14 19:25:37 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.01.14 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.01.14 19:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.01.14 19:12:13 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Spybot - Search & Destroy [2012.01.14 19:08:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\H A N N A H\Desktop\spybotsd162.exe [2012.01.14 12:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.01.14 12:44:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.01.14 12:44:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.01.14 12:44:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.01.14 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\AppData\Roaming\Malwarebytes [2012.01.14 12:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.14 12:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.14 12:11:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.14 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.14 12:09:54 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\H A N N A H\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.11 16:16:52 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 16:16:52 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 16:16:52 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 16:16:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 16:16:03 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 16:15:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 16:15:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.11 16:14:40 | 000,000,000 | -HSD | 
C] -- C:\Users\H A N N A H\AppData\Local\57af559d [2011.12.28 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\Documents\Realbooks [2011.12.21 01:47:15 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\AppData\Local\DDMSettings [2011.12.16 21:15:56 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\Documents\Hochzeitszeitung_Leni [2011.12.16 21:11:47 | 000,000,000 | ---D | C] -- C:\Users\H A N N A H\Documents\eCircle [1 C:\Users\H A N N A H\Desktop\*.tmp files -> C:\Users\H A N N A H\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.14 21:27:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000UA.job [2012.01.14 21:26:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.14 20:55:05 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000UA.job [2012.01.14 19:27:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000Core.job [2012.01.14 19:25:41 | 000,002,308 | ---- | M] () -- C:\Users\H A N N A H\Desktop\Google Chrome.lnk [2012.01.14 19:12:20 | 000,001,262 | ---- | M] () -- C:\Users\H A N N A H\Desktop\Spybot - Search & Destroy.lnk [2012.01.14 19:10:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\H A N N A H\Desktop\spybotsd162.exe [2012.01.14 18:40:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.14 18:40:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.14 18:37:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.14 18:37:07 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.14 18:37:07 | 000,106,622 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.01.14 18:33:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.14 18:32:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.14 18:32:13 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys [2012.01.14 18:32:10 | 000,281,941 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.01.14 17:55:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000Core.job [2012.01.14 12:10:50 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\H A N N A H\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.11 23:25:23 | 000,002,118 | ---- | M] () -- C:\Users\H A N N A H\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012.01.11 16:16:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.11 08:06:22 | 000,111,450 | ---- | M] () -- C:\Users\H A N N A H\Desktop\Groupon-D0FDC6FDEB.pdf [2012.01.09 19:49:30 | 000,135,555 | ---- | M] () -- C:\Users\H A N N A H\Desktop\Groupon-EDBFD40D9E.pdf [2012.01.09 19:32:59 | 000,116,270 | ---- | M] () -- C:\Users\H A N N A H\Desktop\jticket.pdf [2012.01.09 18:55:59 | 000,002,056 | ---- | M] () -- C:\Users\H A N N A H\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.01.09 18:55:59 | 000,002,056 | ---- | M] () -- C:\Users\H A N N A H\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk [2012.01.07 18:14:08 | 000,048,036 | ---- | M] () -- C:\Users\H A N N A H\Desktop\Daten des Akademischen Jahres 2011_2012.pdf [1 C:\Users\H A N N A H\Desktop\*.tmp files -> C:\Users\H A N N A H\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.14 19:25:41 | 000,002,308 | ---- | C] () -- C:\Users\H A N N A H\Desktop\Google Chrome.lnk [2012.01.14 19:22:24 | 000,001,144 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000UA.job [2012.01.14 19:22:22 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684009831-1757761012-2784501651-1000Core.job [2012.01.14 19:12:20 | 000,001,262 | ---- | C] () -- C:\Users\H A N N A H\Desktop\Spybot - Search & Destroy.lnk [2012.01.11 08:06:21 | 000,111,450 | ---- | C] () -- C:\Users\H A N N A H\Desktop\Groupon-D0FDC6FDEB.pdf [2012.01.09 19:49:30 | 000,135,555 | ---- | C] () -- C:\Users\H A N N A H\Desktop\Groupon-EDBFD40D9E.pdf [2012.01.09 19:32:59 | 000,116,270 | ---- | C] () -- C:\Users\H A N N A H\Desktop\jticket.pdf [2012.01.07 18:14:08 | 000,048,036 | ---- | C] () -- C:\Users\H A N N A H\Desktop\Daten des Akademischen Jahres 2011_2012.pdf [2011.10.24 14:48:16 | 000,180,950 | ---- | C] () -- C:\Windows\hpoins29.dat.temp [2011.10.24 14:45:32 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp [2011.10.23 19:36:28 | 000,017,408 | ---- | C] () -- C:\Users\H A N N A H\AppData\Local\WebpageIcons.db [2011.10.23 17:38:20 | 000,478,232 | ---- | C] () -- C:\Windows\hpoins29.dat [2011.10.23 17:38:20 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat [2011.07.30 11:55:07 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2011.07.30 11:55:07 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2011.07.30 11:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll [2011.07.30 11:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll [2011.07.30 11:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll [2011.07.30 11:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll [2011.07.30 11:52:20 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2011.07.30 11:52:20 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2011.01.30 13:24:06 | 000,008,192 | ---- | C] () -- C:\Users\H A N N A 
H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.28 19:21:34 | 000,000,132 | ---- | C] () -- C:\Users\H A N N A H\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.16 13:58:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.01 17:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.01 20:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat < End of report > |
14.01.2012, 22:26 | #3 |
| ...and here is the Extras.txt
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 14.01.2012 22:07:32 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\H A N N A H\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,33% Memory free 5,00 Gb Paging File | 2,95 Gb Available in Paging File | 59,08% Paging File free Paging file location(s): c:\pagefile.sys 3069 3069 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 49,94 Gb Free Space | 21,45% Space Free | Partition Type: NTFS Computer Name: HANNAH-PC | User Name: H A N N A H | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = 
Microsoft_VC80_CRT_x86_x64 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = 
Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}" = Atheros Wireless LAN Card "{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20 
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client "{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" 
= Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F85D2E97-015D-4B26-8C20-20F9C7A7BAD0}" = Simple Adblock "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "3DataManager" = 3DataManager "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10 "DivX Setup" = DivX-Setup "DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00 "foobar2000" = foobar2000 v1.1.2 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Marvell Miniport Driver" = Marvell Miniport Driver "MAXQDA10" = MAXQDA 10 (R140111) "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "Open Codecs" = Xiph.Org Open Codecs 0.84.17359 "RealPlayer 6.0" = RealPlayer "Trillian" = Trillian "XMedia Recode" = XMedia Recode 3.0.3.9 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Game Organizer" = EasyBits GO "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.01.2012 03:49:21 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 12.01.2012 03:49:23 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 13.01.2012 10:39:34 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. 
Error - 13.01.2012 10:39:34 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 14.01.2012 05:21:26 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 14.01.2012 05:21:26 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 14.01.2012 11:25:22 | Computer Name = HANNAH-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 14.01.2012 11:30:30 | Computer Name = HANNAH-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 14.01.2012 13:37:07 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. Error - 14.01.2012 13:37:07 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 14.01.2012 13:34:15 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4214 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp Line: 732 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. 
Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: CIpcTransport::connectIpc File: .\IPC\IPCTransport.cpp Line: 246 Invoked Function: CSocketTransport::connectTransport Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522783 (0xFE1F0021) Description: SOCKETTRANSPORT_ERROR_NOT_CONNECTED Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: ApiIpc::initIpc File: .\ApiIpc.cpp Line: 323 Invoked Function: CIpcTransport::connectIpc Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: ApiIpc::initiateAgentConnection File: .\ApiIpc.cpp Line: 235 Invoked Function: ApiIpc::initIpc Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: ApiIpc::run File: .\ApiIpc.cpp Line: 428 Invoked Function: ApiIpc::initiateAgentConnection Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108865 Description = Function: ClientIfcBase::attach File: .\ClientIfcBase.cpp Line: 500 Client failed to attach. Error - 14.01.2012 13:35:36 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::OnCreate File: .\mainfrm.cpp Line: 362 Invoked Function: The VPN service is not responding or available. 
Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 14.01.2012 13:35:36 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1089 NULL object. Cannot establish a connection at this time. [ System Events ] Error - 13.01.2012 10:32:47 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 14.01.2012 05:16:47 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 14.01.2012 05:16:48 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 14.01.2012 05:16:52 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 14.01.2012 05:17:06 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 14.01.2012 13:24:54 | Computer Name = HANNAH-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 14.01.2012 13:32:32 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 14.01.2012 13:32:32 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 14.01.2012 13:32:35 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 14.01.2012 13:32:44 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 < End of report > |
14.01.2012, 22:28 | #4 |
| "mediashifting.com" Trojan ...and the Extras.txt. OTL EXTRAS logfile: Code:
OTL Extras logfile created on: 14.01.2012 22:07:32 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\H A N N A H\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,33% Memory free 5,00 Gb Paging File | 2,95 Gb Available in Paging File | 59,08% Paging File free Paging file location(s): c:\pagefile.sys 3069 3069 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 49,94 Gb Free Space | 21,45% Space Free | Partition Type: NTFS Computer Name: HANNAH-PC | User Name: H A N N A H | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DivX Setup" = DivX-Setup
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"foobar2000" = foobar2000 v1.1.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"MAXQDA10" = MAXQDA 10 (R140111)
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"RealPlayer 6.0" = RealPlayer
"Trillian" = Trillian
"XMedia Recode" = XMedia Recode 3.0.3.9
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2012 03:49:21 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 12.01.2012 03:49:23 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 13.01.2012 10:39:34 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 13.01.2012 10:39:34 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 14.01.2012 05:21:26 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 14.01.2012 05:21:26 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 14.01.2012 11:25:22 | Computer Name = HANNAH-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 14.01.2012 11:30:30 | Computer Name = HANNAH-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 14.01.2012 13:37:07 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error - 14.01.2012 13:37:07 | Computer Name = HANNAH-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.01.2012 13:34:15 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4214 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar.

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp Line: 732 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte.

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: CIpcTransport::connectIpc File: .\IPC\IPCTransport.cpp Line: 246 Invoked Function: CSocketTransport::connectTransport Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522783 (0xFE1F0021) Description: SOCKETTRANSPORT_ERROR_NOT_CONNECTED

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::initIpc File: .\ApiIpc.cpp Line: 323 Invoked Function: CIpcTransport::connectIpc Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::initiateAgentConnection File: .\ApiIpc.cpp Line: 235 Invoked Function: ApiIpc::initIpc Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: ApiIpc::run File: .\ApiIpc.cpp Line: 428 Invoked Function: ApiIpc::initiateAgentConnection Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 14.01.2012 13:34:19 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108865
Description = Function: ClientIfcBase::attach File: .\ClientIfcBase.cpp Line: 500 Client failed to attach.

Error - 14.01.2012 13:35:36 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::OnCreate File: .\mainfrm.cpp Line: 362 Invoked Function: The VPN service is not responding or available. Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED

Error - 14.01.2012 13:35:36 | Computer Name = HANNAH-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1089 NULL object. Cannot establish a connection at this time.

[ System Events ]
Error - 13.01.2012 10:32:47 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

Error - 14.01.2012 05:16:47 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 14.01.2012 05:16:48 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 14.01.2012 05:16:52 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 14.01.2012 05:17:06 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

Error - 14.01.2012 13:24:54 | Computer Name = HANNAH-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 14.01.2012 13:32:32 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 14.01.2012 13:32:32 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 14.01.2012 13:32:35 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 14.01.2012 13:32:44 | Computer Name = HANNAH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "acsock" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

< End of report > |
14.01.2012, 22:33 | #5 |
| "mediashifting.com" Trojan

...and last but not least, the MBR check. Looking forward to your replies! Thanks, and have a nice evening.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R59P/R60P/R61P
Logical Drives Mask: 0x00000014

Kernel Drivers (total 152):

Processes (total 79):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9A300, Rev: BBFOC3EP

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done! |
17.01.2012, 13:52 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "mediashifting.com" Trojan

Quote:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. Furthermore, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)