Log analysis and evaluation: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" (For security reasons your Windows system has been blocked), Windows 7
04.02.2012, 21:21 | #1
Hi everyone, I have the same problem... I created the logs as described in the guide. Safe mode with networking works. Thanks in advance for your help!
<code> . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by PR at 15:27:07 on 2012-02-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2037.1449 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://de.ask.com/?l=dis&o=15788 uDefault_Page_URL = hxxp://samsung.msn.com uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll uURLSearchHooks: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: YouTube Downloader 
Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [vasja] c:\users\pr\appdata\local\temp\0.40322757768200823.exe uRun: [{3F4CF39C-C30E-77EC-C9C6-F35E390E7719}] c:\users\pr\appdata\roaming\wya\uxtyra.exe mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [<NO NAME>] mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\pr\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico uPolicies-explorer: NoTrayItemsDisplay = 00000000 mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\pr\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: bmnet.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\05F5E45647A7775627B6 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\3616D6F6 : DhcpNameServer = 134.109.133.1 134.109.133.39 TCP: 
Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\5416379724F687D2530373232373 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\775626D20737B6 : DhcpNameServer = 134.109.133.1 134.109.133.39 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\E45647A7775627B6 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D92F5088-B458-4124-A6CF-B2BBB04FC8F6} : DhcpNameServer = 139.7.30.126 139.7.30.125 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL IFEO: bttray.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: btwuiext.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: cvh.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: excel.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: hpwucli.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" . Note: multiple IFEO entries found. Please refer to Attach.txt Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\pr\appdata\roaming\mozilla\firefox\profiles\1dvofzno.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . 
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336] S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-31 36000] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-9-7 10752] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] S2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-1-31 86224] S2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-1-31 110032] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-31 74640] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-4 652360] S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304] S3 avmaudio;AVM Audio;c:\windows\system32\drivers\avmaudio.sys [2010-12-27 101248] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-24 297000] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-24 33320] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-8-18 77624] S3 
ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-30 112128] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-29 36608] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-12-30 102912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-4 20464] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-12-24 131888] S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384] S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408] S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864] S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-8-18 181432] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-11 52224] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-3 1343400] S4 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664] S4 Microsoft SharePoint Workspace Audit Service;Microsoft 
SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S4 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-11 9216] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-02-04 14:14:39 -------- d-----w- c:\users\pr\appdata\roaming\Malwarebytes 2012-02-04 14:14:30 -------- d-----w- c:\programdata\Malwarebytes 2012-02-04 14:14:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-04 14:14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-04 13:58:19 -------- d-----w- c:\program files\ESET 2012-02-04 13:39:05 -------- d-----w- c:\users\pr\appdata\roaming\Wya 2012-02-04 13:39:05 -------- d-----w- c:\users\pr\appdata\roaming\Usevasi 2012-01-31 15:19:40 -------- d-----w- c:\users\pr\appdata\roaming\Avira 2012-01-31 15:13:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-31 15:13:16 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-31 15:13:12 -------- d-----w- c:\programdata\Avira 2012-01-31 15:13:12 -------- d-----w- c:\program files\Avira 2012-01-31 15:01:30 -------- d-----w- c:\users\pr\appdata\local\Trend Micro 2012-01-31 14:51:36 -------- d-----w- c:\programdata\Trend Micro 2012-01-31 14:04:09 1288472 ----a-w- c:\windows\system32\ntdll.dll 2012-01-31 14:04:06 67072 ----a-w- c:\windows\system32\packager.dll 2012-01-31 14:04:03 1328128 ----a-w- c:\windows\system32\quartz.dll 2012-01-31 14:04:02 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-01-20 09:54:40 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2012-01-20 09:54:37 21312 ----a-w- c:\windows\system32\authuitu.dll 2012-01-20 09:53:52 -------- d-----w- c:\program files\TuneUp Utilities 2012 2012-01-20 09:47:54 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-01-11 15:07:10 
-------- d-----w- c:\users\pr\.scribus 2012-01-11 15:05:51 -------- d-----w- c:\program files\Scribus 1.3.3.14 2012-01-09 16:45:52 -------- d-----w- c:\program files\Game Flow Analysis Tool 2012-01-08 10:50:15 -------- d-----w- c:\users\pr\appdata\local\{0C1690AA-08B9-40A2-A10C-ECBDCE31F389} 2012-01-06 11:47:45 -------- d-----w- c:\users\pr\appdata\local\{70AE85C7-CF56-4AF6-8C1D-DF2D3EBCE256} 2012-01-06 11:45:58 -------- d-----w- c:\users\pr\appdata\local\{BF73082C-B69C-48CE-A311-563F73A2278A} . ==================== Find3M ==================== . 2011-11-29 16:33:05 253952 ------w- c:\windows\Setup1.exe 2011-11-29 16:32:58 74752 ----a-w- c:\windows\ST6UNST.EXE 2011-11-24 19:05:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys 2010-10-16 23:50:24 3056008 ----a-w- c:\program files\common files\AskToolbarInstaller.exe . ============= FINISH: 15:30:00,41 =============== </code> <code> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 24.12.2010 22:21:15 System Uptime: 04.02.2012 14:48:15 (1 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NF110/NF210/NF310 Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz | CPU 1 | 1496/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 87 GiB total, 48,966 GiB free. D: is FIXED (NTFS) - 130 GiB total, 102,821 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . No restore point in system. . ==== Image File Execution Options ============= . IFEO: bttray.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: btwuiext.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: cvh.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: excel.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: hpwucli.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: ipsecdialer.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: manager1.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: misc.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mobileconnect.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msaccess.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msoxmled.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mspub.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mstore.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: onenote.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: outlook.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: powerpnt.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: setmtu.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: sftdde.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: srspremiumpanel.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: vpngui.exe - 
"C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: Winword.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" . ==== Installed Programs ====================== . 2570 2570_Help 2570Trb 32 Bit HP CIO Components Installer Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Dreamweaver CS5.5 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Deutsch Adobe Widget Browser AFSS HTML Designer 2.3 AFSS HTML Designer 2.3 (C:\Program Files\AFSS HTML Designer\) AIO_CDA_ProductContext AIO_CDA_Software AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Atheros Client Installation Program ATLAS.ti 5.2 Avira Free Antivirus AVM FRITZ!Box USB-Fernanschluss BatteryLifeExtender Broadcom 802.11 Network Adapter BufferChm Cisco Systems VPN Client 5.0.07.0290 Copy CyberLink YouCam D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DivX-Setup DocProc Dropbox Easy Content Share Easy Display Manager Easy SpeedUp Manager EasyBatteryManager ESET Online Scanner v3 Fast Start Fax Foxit Reader 5.0 Free Video to MP3 Converter version 5.0.3.1206 Game Flow Analysis Tool 1.0.0.29 Game Pack GIMP 2.6.11 Google Calendar Sync GPBaseService2 GTA2 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. A HP Photosmart Essential 3.5 HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply ImagXpress ImgBurn Intel(R) Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet-TV für Windows Media Center IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 26 Junk Mail filter update Malwarebytes Anti-Malware Version 1.60.1.1000 MarketResearch Marvell Miniport Driver Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office Home and Student 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Outlook Social Connector Provider for Facebook 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 
Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Movie Color Enhancer Mozilla Firefox 7.0.1 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultimediaPOP neroxml Network NewFreeScreensaver nfsClockHDAzure Nvu 1.0 OCR Software by I.R.I.S. 13.0 Opera 11.60 PamFax PamFax Office Integration PamFaxOutlookAddIn2010 PDFCreator pdfforge Toolbar v4.6 Realtek High Definition Audio Driver Samsung AnyWeb Print Samsung Recovery Solution 5 Samsung Support Center 1.0 Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus SAMSUNG USB Driver for Mobile Phones Scan Scribus 1.3.3.14 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Shop for HP Supplies Skype™ 4.2 SmartWebPrinting SolutionCenter SpeedFan (remove only) Status Synaptics Pointing Device Driver Toolbox Total Commander (Remove or Repair) TrayApp TubeBox! 
TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) VC80CRTRedist - 8.0.50727.4053 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.1.11 Vodafone Mobile Connect Lite Voxware Audio decoder 1.6 WebReg WIDCOMM Bluetooth Software Win7codecs Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for 
Silverlight Windows Media Player Firefox Plugin WinRAR Yahoo! Toolbar YouTube Downloader 3.5 YouTube Downloader Toolbar v4.5 . ==== End Of File =========================== </code> <code> GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-02-04 21:02:23 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO Running: iyxkchio.exe; Driver: C:\Users\PR\AppData\Local\Temp\kxldipow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82881369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000098 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1167269 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c@0025676faffa 0xCA 0x61 0xCC 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c@8c77128d15ab 0x31 0x7D 0xCF 0x5D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1167269 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c@0025676faffa 0xCA 0x61 0xCC 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c@8c77128d15ab 0x31 0x7D 0xCF 0x5D ... ---- EOF - GMER 1.0.15 ---- </code>
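An added example (not part of the original post or of the DDS tool): a small Python helper that applies the checks a log reader does by hand to the autorun lines of the "Pseudo HJT Report" above, flagging Run values that execute from Temp or AppData, GUID-style value names, numeric file names, empty values, IFEO debugger redirections and hosts-file overrides. The sample lines are copied from the log above; the heuristics and function names are my own and are not a verdict on their own (the IFEO entries here belong to a known tuning tool).

```python
"""Triage autorun entries from a DDS 'Pseudo HJT Report' (defender-side log review)."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
uRun: [vasja] c:\users\pr\appdata\local\temp\0.40322757768200823.exe
uRun: [{3F4CF39C-C30E-77EC-C9C6-F35E390E7719}] c:\users\pr\appdata\roaming\wya\uxtyra.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IFEO: excel.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
IFEO_RE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
NUMERIC_NAME_RE = re.compile(r"^[0-9.]+\.exe$", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Return the executable path from a Run command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_run(name: str, cmd: str) -> List[str]:
    """Reasons a Run value deserves a closer look (empty list = nothing unusual)."""
    reasons: List[str] = []
    path = image_path(cmd).lower()
    filename = path.rsplit("\\", 1)[-1]
    if not path:
        reasons.append("empty Run value")
    if "\\temp\\" in path:
        reasons.append("executes from a temp directory")
    elif "\\appdata\\" in path:
        reasons.append("executes from the user profile (AppData)")
    if GUID_RE.match(name):
        reasons.append("GUID-style value name")
    if NUMERIC_NAME_RE.match(filename):
        reasons.append("numeric/random filename")
    return reasons


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Walk the report line by line and collect entries with a reason to investigate."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = triage_run(m["name"], m["cmd"])
            if reasons:
                findings.append({"kind": m["kind"], "name": m["name"],
                                 "path": image_path(m["cmd"]), "reason": "; ".join(reasons)})
            continue
        m = IFEO_RE.match(line)
        if m:
            # A Debugger value launches another binary in place of the target; record it
            # as informational so the reader can confirm the debugger is a known tool.
            findings.append({"kind": "IFEO", "name": m["target"],
                             "path": image_path(m["debugger"]),
                             "reason": "Image File Execution Options debugger redirection"})
            continue
        m = HOSTS_RE.match(line)
        if m and m["host"] != "localhost":
            findings.append({"kind": "Hosts", "name": m["host"], "path": m["ip"],
                             "reason": "hosts file override of a public name"})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f['kind']:6} {f['name']:42} {f['path']}\n       -> {f['reason']}")
```

Run against the full DDS output, the same function lists the two user Run values that Malwarebytes later quarantined, plus the nameless Run value and the hosts entry for manual review.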
05.02.2012, 10:07 | #2
/// Helper team
Hello and welcome!
Before we begin working together [please read in full]: Quote:
Important: run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!

I have two suggestions:

1. If you think you know the point in time when your system was still working properly, System Restore is worth a try: it is a "relatively simple way" when the infection is fresh, and certain problems can be solved this way too, so it should be tried right away. It gives you the option to undo system changes on the computer without affecting personal files such as e-mails, documents or photos. Quote:
(You can still undo it up to the present point in time if it does not deliver the desired result.) ► Also report back to me whether System Restore worked, i.e. whether you were able to roll the system back to an earlier restore point.

2. Quote:
Even after a System Restore, (virus) problems can still occur. So I would also suggest a thorough system clean-up and system update. Carry out the following steps in the order given:

3. Download Malwarebytes Anti-Malware from → malwarebytes.org

4. System scan with OTL: download OTL by Oldtimer (if you do not have it yet) and save it to your desktop.

5. To determine whether outdated or malicious software is installed under Programs, I would like to see all of your installed programs: download the tool CCleaner → download, install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → Language → select German, then click "Extra" (to display the installed programs as well) → then "Save to text file..."; a text file (*.txt) is created. Copy its contents and paste them here. Quote:
** If possible, stay off the internet: no online banking, file sharing, chat programs etc.

Regards, kira
05.02.2012, 12:42 | #3 |
| Your Windows system has been blocked for security reasons Hello Kira!
I fear my system may have been infected for a longer time, so I skipped the System Restore step. All other steps I carried out as you described. After running Malwarebytes the computer restarted and now runs in normal mode again. I hope you can help me clean my system completely. Attached are the log files. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.05.01 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 PR :: HADES [Administrator] Schutz: Deaktiviert 05.02.2012 10:49:53 mbam-log-2012-02-05 (10-49-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 302946 Laufzeit: 59 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\PR\AppData\Local\Temp\0.40322757768200823.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3F4CF39C-C30E-77EC-C9C6-F35E390E7719} (Trojan.VUPX.ON1) -> Daten: C:\Users\PR\AppData\Roaming\Wya\uxtyra.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\PR\AppData\Local\Temp\0.40322757768200823.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\PR\AppData\Roaming\Wya\uxtyra.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\PR\AppData\Local\Temp\0.8456037733577773.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\PR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3bc8e340-23cbb1c0 (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\PR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-661a3802 (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 2/5/2012 12:20:56 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\PR\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.46% Memory free 3.98 Gb Paging File | 2.65 Gb Available in Paging File | 66.53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 87.00 Gb Total Space | 48.97 Gb Free Space | 56.29% Space Free | Partition Type: NTFS Drive D: | 130.01 Gb Total Space | 102.82 Gb Free Space | 79.09% Space Free | Partition Type: NTFS Computer Name: HADES | User Name: PR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/05 12:19:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\PR\Desktop\OTL.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/20 14:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/12/15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/12/15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/12/14 12:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2011/12/11 14:15:36 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/21 00:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/20 10:22:22 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/08/19 09:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/08/05 06:16:04 | 002,208,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe ========== Modules (No Company Name) ========== MOD - [2011/12/11 14:16:22 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2011/12/11 14:16:22 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2011/12/11 14:16:21 | 000,275,968 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2011/12/11 14:16:21 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2011/12/11 14:16:21 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2011/12/11 14:16:20 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2011/12/11 14:16:20 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2011/12/11 14:16:20 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2011/12/11 14:16:19 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2011/12/11 14:16:19 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2011/12/11 14:16:19 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2011/12/11 14:16:18 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2011/12/11 14:16:18 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2011/11/24 20:05:49 | 008,527,008 | 
---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/05/03 17:39:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/08/09 20:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service) SRV - [2010/07/21 12:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/09/11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011/12/15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/12/15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/07/20 08:46:04 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2011/07/20 08:46:04 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
DRV - [2010/12/27 16:42:20 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/17 15:12:45 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport) DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/07/08 09:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/06/29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009/04/09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan) DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15788 IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\PR\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\PR\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/27 17:55:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/12/30 15:51:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/05 21:33:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/05 21:33:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/24 14:44:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/02 12:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/15 12:00:57 | 000,000,000 | ---D | M] [2011/04/15 12:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PR\AppData\Roaming\mozilla\Extensions [2011/04/15 12:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PR\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011/04/15 12:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PR\AppData\Roaming\mozilla\Sunbird\Profiles\4i7oawkv.default\extensions [2010/09/28 21:39:14 | 000,002,333 | ---- | M] () -- 
C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\1dvofzno.default\searchplugins\askcom.xml [2011/08/27 23:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/03/22 20:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/03/25 08:19:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/04 11:04:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/24 14:44:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/10/24 14:44:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/24 14:44:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/24 14:44:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/10/24 14:44:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/24 14:44:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/24 14:44:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/12/29 12:24:25 | 000,428,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 
www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14749 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! 
Inc) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data] O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 
- HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D92F5088-B458-4124-A6CF-B2BBB04FC8F6}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\bttray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\btwuiext.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\cvh.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\ipsecdialer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\manager1.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\mobileconnect.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe 
(TuneUp Software) O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\setmtu.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\sftdde.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\srspremiumpanel.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\vpngui.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\Winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{12e643ba-60e0-11e0-952a-002454eed034}\Shell - "" = AutoRun O33 - MountPoints2\{12e643ba-60e0-11e0-952a-002454eed034}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - 
MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell - "" = AutoRun O33 - MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{eb3c120e-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun O33 - MountPoints2\{eb3c120e-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{eb3c12a4-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun O33 - MountPoints2\{eb3c12a4-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{eb3c1320-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun O33 - MountPoints2\{eb3c1320-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/05 12:19:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\PR\Desktop\OTL.exe [2012/02/05 10:45:53 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PR\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/04 16:35:30 | 000,100,864 | ---- | C] (GMER) -- C:\kxldipow.sys [2012/02/04 15:26:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\PR\Desktop\dds.com [2012/02/04 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Malwarebytes [2012/02/04 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/04 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/02/04 15:14:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- 
C:\windows\System32\drivers\mbam.sys [2012/02/04 15:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/02/04 15:10:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PR\Desktop\mbam-setup-1.60.1.1000.exe [2012/02/04 14:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/02/04 14:39:05 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Wya [2012/02/04 14:39:05 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Usevasi [2012/01/31 16:19:40 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Avira [2012/01/31 16:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/01/31 16:13:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/01/31 16:13:17 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/01/31 16:13:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/01/31 16:13:16 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/01/31 16:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/01/31 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/01/31 16:01:30 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Local\Trend Micro [2012/01/31 15:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2012/01/31 15:39:15 | 063,072,032 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe [2012/01/31 15:07:50 | 084,500,248 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\PR\Desktop\Trend_Micro.exe [2012/01/31 15:04:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll [2012/01/31 15:04:03 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll [2012/01/31 15:04:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll [2012/01/20 10:54:40 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\windows\System32\TURegOpt.exe [2012/01/20 10:54:37 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\windows\System32\authuitu.dll [2012/01/20 10:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012/01/20 10:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012/01/20 10:47:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/01/11 16:07:10 | 000,000,000 | ---D | C] -- C:\Users\PR\.scribus [2012/01/11 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14 [2012/01/11 16:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14 [2012/01/11 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.3.3.14 [2012/01/09 17:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Flow Analysis Tool [2012/01/09 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Game Flow Analysis Tool [2012/01/08 11:50:15 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Local\{0C1690AA-08B9-40A2-A10C-ECBDCE31F389} [2012/01/08 10:38:28 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012/01/06 12:47:45 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Local\{70AE85C7-CF56-4AF6-8C1D-DF2D3EBCE256} [2012/01/06 12:45:58 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Local\{BF73082C-B69C-48CE-A311-563F73A2278A} [2011/02/26 18:41:02 
| 003,056,008 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\windows\sipr3260.dll [3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\PR\*.tmp files -> C:\Users\PR\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/05 12:20:58 | 000,015,968 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 12:20:58 | 000,015,968 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 12:19:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\PR\Desktop\OTL.exe [2012/02/05 12:13:13 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012/02/05 12:12:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/02/05 12:12:23 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys [2012/02/05 10:47:33 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/05 10:46:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PR\Desktop\mbam--setup-1.60.1.1000.exe [2012/02/04 16:35:30 | 000,100,864 | ---- | M] (GMER) -- C:\kxldipow.sys [2012/02/04 15:33:24 | 000,302,592 | ---- | M] () -- C:\Users\PR\Desktop\iyxkchio.exe [2012/02/04 15:26:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\PR\Desktop\dds.com [2012/02/04 15:25:37 | 000,000,000 | ---- | M] () -- C:\Users\PR\defogger_reenable [2012/02/04 15:24:13 | 000,050,477 | ---- | M] () -- C:\Users\PR\Desktop\Defogger.exe [2012/02/04 15:10:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PR\Desktop\mbam-setup-1.60.1.1000.exe [2012/02/02 12:08:36 | 000,007,405 | ---- | M] () -- C:\Users\PR\Desktop\Doodle.pdf [2012/02/01 17:27:47 | 000,342,722 | ---- | M] () -- C:\Users\PR\Desktop\minstr12.pdf [2012/02/01 17:17:37 | 000,002,517 | ---- | M] () -- 
C:\Users\PR\Desktop\minstr11.pdf [2012/02/01 17:13:10 | 000,008,835 | ---- | M] () -- C:\Users\PR\Desktop\stage2.htm [2012/01/31 16:13:50 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/01/31 16:11:15 | 087,262,320 | ---- | M] () -- C:\Users\PR\Desktop\avira_free_antivirus1200872_de.exe [2012/01/31 16:05:14 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/01/31 15:56:14 | 000,685,814 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/01/31 15:56:14 | 000,636,630 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/01/31 15:56:14 | 000,141,378 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/01/31 15:56:14 | 000,116,702 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/01/31 15:47:17 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif [2012/01/31 15:41:50 | 063,072,032 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe [2012/01/31 15:12:36 | 084,500,248 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\PR\Desktop\Trend_Micro.exe [2012/01/20 10:54:32 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/01/20 10:54:32 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012/01/18 15:53:41 | 000,008,964 | ---- | M] () -- C:\Users\PR\.recently-used.xbel [2012/01/09 17:45:54 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Game Flow Analysis Tool.lnk [3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\PR\*.tmp files -> C:\Users\PR\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/04 15:33:24 | 000,302,592 | ---- | C] () -- C:\Users\PR\Desktop\iyxkchio.exe [2012/02/04 15:25:37 | 000,000,000 | ---- | C] () -- C:\Users\PR\defogger_reenable [2012/02/04 15:24:13 | 000,050,477 | ---- | C] () -- C:\Users\PR\Desktop\Defogger.exe [2012/02/04 15:14:30 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/02 12:08:35 | 000,007,405 | ---- | C] () -- C:\Users\PR\Desktop\Doodle.pdf [2012/02/01 17:18:44 | 000,342,722 | ---- | C] () -- C:\Users\PR\Desktop\minstr12.pdf [2012/02/01 17:17:36 | 000,002,517 | ---- | C] () -- C:\Users\PR\Desktop\minstr11.pdf [2012/02/01 17:13:09 | 000,008,835 | ---- | C] () -- C:\Users\PR\Desktop\stage2.htm [2012/01/31 16:13:49 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/01/31 16:07:19 | 087,262,320 | ---- | C] () -- C:\Users\PR\Desktop\avira_free_antivirus1200872_de.exe [2012/01/31 15:53:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/01/20 10:54:32 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/01/20 10:54:32 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012/01/20 10:54:31 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012/01/18 15:53:41 | 000,008,964 | ---- | C] () -- 
C:\Users\PR\.recently-used.xbel [2012/01/09 17:45:54 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Game Flow Analysis Tool.lnk [2011/09/27 17:17:54 | 000,226,706 | ---- | C] () -- C:\windows\hpoins18.dat.temp [2011/09/19 18:39:36 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat.temp [2011/09/19 17:07:45 | 000,226,706 | ---- | C] () -- C:\windows\hpoins18.dat [2011/09/19 17:07:45 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat [2011/08/16 14:48:34 | 000,262,080 | ---- | C] () -- C:\windows\System32\SynPS2.bin [2011/06/29 01:04:36 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll [2011/06/07 10:13:38 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011/06/07 10:13:38 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011/06/07 10:13:38 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011/06/07 10:13:38 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011/04/26 08:17:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011/03/26 19:43:29 | 000,007,606 | ---- | C] () -- C:\Users\PR\AppData\Local\Resmon.ResmonCfg [2010/12/30 00:30:07 | 000,162,816 | ---- | C] () -- C:\Users\PR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/29 16:02:09 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll [2010/12/29 16:02:09 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys [2010/12/29 00:40:59 | 000,000,125 | ---- | C] () -- C:\Users\PR\AppData\Roaming\default.rss [2010/12/27 17:48:04 | 000,245,376 | ---- | C] () -- C:\windows\hpoins19.dat.temp [2010/12/27 17:48:04 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat.temp [2010/12/27 17:24:49 | 000,245,252 | ---- | C] () -- C:\windows\hpoins19.dat [2010/12/27 17:24:49 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat [2010/12/25 21:47:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/24 22:26:46 | 000,131,368 
| ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/12/24 22:25:24 | 000,120,688 | ---- | C] () -- C:\windows\Wiainst.exe [2010/12/24 22:24:39 | 000,552,960 | ---- | C] () -- C:\windows\System32\SnMinDrv.dll [2010/12/24 22:24:39 | 000,154,112 | ---- | C] () -- C:\windows\System32\SNWIAUI.dll [2010/12/24 22:24:39 | 000,135,168 | ---- | C] () -- C:\windows\System32\SnImgFlt.dll [2010/12/24 22:24:39 | 000,094,208 | ---- | C] () -- C:\windows\System32\SnErHdlr.dll [2010/12/24 22:24:19 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe [2010/12/24 22:23:43 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe [2010/12/24 22:23:41 | 000,259,888 | ---- | C] () -- C:\windows\SUPDRun.exe [2010/12/24 22:23:41 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll [2010/12/24 22:23:40 | 000,283,136 | ---- | C] () -- C:\windows\System32\DscPnt.dll [2010/10/30 12:57:02 | 000,095,232 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2010/09/07 20:39:08 | 000,685,814 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010/09/07 20:39:08 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010/09/07 20:39:08 | 000,141,378 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010/09/07 20:39:08 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010/09/07 04:53:13 | 000,001,064 | ---- | C] () -- C:\windows\HotFixList.ini [2010/09/07 04:38:44 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/09/07 04:23:07 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll [2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll [2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 
000,408,168 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,636,630 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,116,702 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI [2001/04/13 16:23:12 | 000,278,594 | ---- | C] () -- C:\windows\System32\DHTMLDeb.dll [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys ========== LOP Check ========== [2011/05/22 11:22:04 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\2XL [2011/08/23 16:58:46 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Broad Intelligence [2010/12/30 00:39:44 | 000,000,000 | ---D | M] -- 
C:\Users\PR\AppData\Roaming\Bytemobile [2011/01/03 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Canneverbe Limited [2011/11/23 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/11/22 16:58:36 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/05/30 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Downloaded Installations [2012/01/10 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Dropbox [2011/12/30 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\DVDVideoSoft [2010/12/29 10:58:51 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\DVDVideoSoftIEHelpers [2012/01/06 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Foxit Software [2011/06/30 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\FreeFLVConverter [2011/06/19 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\GetRightToGo [2011/11/23 14:08:06 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\GHISLER [2012/01/18 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\gtk-2.0 [2011/09/04 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\ImgBurn [2010/12/29 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\IrfanView [2011/11/15 17:15:05 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Jens Lorek [2011/05/30 11:02:24 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Nitro PDF [2011/11/22 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Nvu [2011/02/03 01:46:39 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Opera [2011/06/19 10:15:31 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\PamFaxOutlookAddIn2010 [2011/06/18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Priotecs [2011/08/18 18:07:53 | 000,000,000 | ---D | M] -- 
C:\Users\PR\AppData\Roaming\Samsung [2011/06/19 10:12:42 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Scendix Software [2011/01/17 08:38:49 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Scientific Software [2011/01/12 17:52:42 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\SoftGrid Client [2011/06/19 10:12:31 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Softland [2011/10/10 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Synaptics [2010/12/29 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\TP [2012/01/20 10:54:08 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\TuneUp Software [2012/02/04 14:47:23 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Usevasi [2011/06/29 00:52:50 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\VidCoder [2010/12/30 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Vodafone [2010/12/30 15:57:10 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Vodafone Mobile Connect [2010/12/28 12:59:11 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Win7codecs [2010/12/25 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Windows Live Writer [2010/12/29 22:20:56 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\WindSolutions [2012/02/05 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\PR\AppData\Roaming\Wya [2011/05/12 21:34:45 | 000,032,602 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:268F887D @Alternate Data Stream - 143 bytes -> C:\Users\PR\AppData\Roaming\default.rss:OECustomProperty < End of report > [/code OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/5/2012 12:20:57 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\PR\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.46% Memory free 3.98 Gb Paging File | 2.65 Gb Available in Paging File | 66.53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 87.00 Gb Total Space | 48.97 Gb Free Space | 56.29% Space Free | Partition Type: NTFS Drive D: | 130.01 Gb Total Space | 102.82 Gb Free Space | 79.09% Space Free | Partition Type: NTFS Computer Name: HADES | User Name: PR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service "C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service "C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service "C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 
2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D729220-D8ED-4CDA-9190-9A45659FC9B7}" = ATLAS.ti 5.2 "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 
A "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox! "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = MultimediaPOP "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" 
= Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application 
Error Reporting "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC508A6-3212-4C26-A768-8B83E79160A8}_is1" = Game Flow Analysis Tool 1.0.0.29 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFF10B77-36EB-4B73-AA8B-2B98E74EC3C7}" = YouTube Downloader Toolbar v4.5 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6 "{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager 
"{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DivX Setup.divx.com" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "Foxit Reader_is1" = Foxit Reader 5.0 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206 "Google Calendar Sync" = Google Calendar Sync "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP 
Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "nfsClockHDAzure New Free Screensaver_is1" = NewFreeScreensaver nfsClockHDAzure "Nvu_is1" = Nvu 1.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Opera 11.60.1185" = Opera 11.60 "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Scribus 1.3.3.14" = Scribus 1.3.3.14 "Shop for HP Supplies" = Shop for HP Supplies "SpeedFan" = SpeedFan (remove only) "ST6UNST #1" = AFSS HTML Designer 2.3 "ST6UNST #2" = AFSS HTML Designer 2.3 (C:\Program Files\AFSS HTML Designer\) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 "voxware_is1" = Voxware Audio decoder 1.6 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! 
Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"E029939D4F3D9F105D64DB3EFB4C3046BB839A87" = PamFaxOutlookAddIn2010
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/6/2011 6:28:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 6:28:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 6:28:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 6:28:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 6:28:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 6:40:58 AM | Computer Name = HADES | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto-update CAB file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 9/6/2011 7:27:53 PM | Computer Name = HADES | Source = Bonjour Service | ID = 100
Description =
Error - 9/6/2011 7:27:53 PM | Computer Name = HADES | Source = Bonjour Service | ID = 100
Description =
Error - 9/7/2011 3:34:00 AM | Computer Name = HADES | Source = Bonjour Service | ID = 100
Description =
Error - 9/7/2011 3:34:00 AM | Computer Name = HADES | Source = Bonjour Service | ID = 100
Description =
[ Media Center Events ]
Error - 5/3/2011 1:32:38 PM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 19:32:38 - Error establishing the Internet connection. 19:32:38 - Could not connect to the server.
Error - 5/3/2011 1:32:53 PM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 19:32:43 - Error establishing the Internet connection. 19:32:43 - Could not connect to the server.
Error - 5/6/2011 1:22:13 AM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 07:22:13 - Error establishing the Internet connection. 07:22:13 - Could not connect to the server.
Error - 5/6/2011 1:22:50 AM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 07:22:42 - Error establishing the Internet connection. 07:22:42 - Could not connect to the server.
Error - 5/18/2011 3:59:57 AM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 09:59:50 - Error establishing the Internet connection. 09:59:50 - Could not connect to the server.
Error - 5/28/2011 10:00:28 AM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 16:00:28 - Directory could not be retrieved (Error: Unable to connect to the remote server.)
Error - 6/3/2011 4:56:56 PM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 22:56:56 - Error establishing the Internet connection. 22:56:56 - Could not connect to the server.
Error - 6/3/2011 4:57:13 PM | Computer Name = PR-PC | Source = MCUpdate | ID = 0
Description = 22:57:01 - Error establishing the Internet connection. 22:57:01 - Could not connect to the server.
Error - 6/19/2011 3:27:04 AM | Computer Name = HADES | Source = MCUpdate | ID = 0
Description = 09:27:03 - Error establishing the Internet connection. 09:27:04 - Could not connect to the server.
Error - 6/25/2011 3:12:11 AM | Computer Name = HADES | Source = MCUpdate | ID = 0
Description = 09:12:11 - Error establishing the Internet connection. 09:12:11 - Could not connect to the server.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 21.11.2011 3.1.0.4880 Adobe Community Help Adobe Systems Incorporated. 21.11.2011 3.4.980 Adobe Download Assistant Adobe Systems Incorporated 21.11.2011 1.0.6 Adobe Dreamweaver CS5.5 Adobe Systems Incorporated 21.11.2011 827MB 11.5 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.09.2010 2,47MB 10.1.53.64 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.11.2011 6,00MB 11.1.102.55 Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 01.02.2012 167,5MB 10.1.2 Adobe Widget Browser Adobe Systems Incorporated. 21.11.2011 2.0 Build 230 AFSS HTML Designer 2.3 21.11.2011 AFSS HTML Designer 2.3 (C:\Program Files\AFSS HTML Designer\) 28.11.2011 Atheros Client Installation Program Atheros 06.09.2010 1.0.5.0621 ATLAS.ti 5.2 ATLAS.ti Scientific Software Development GmbH 18.01.2011 26,3MB 05.02.0000 Avira Free Antivirus Avira 30.01.2012 108,6MB 12.0.0.872 AVM FRITZ!Box USB-Fernanschluss AVM Berlin 26.12.2010 2.2.1.0 BatteryLifeExtender Samsung 06.09.2010 31,5MB 1.0.6 Broadcom 802.11 Network Adapter Broadcom Corporation 07.09.2010 5.60.48.44 CCleaner Piriform 04.02.2012 3.15 Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 07.06.2011 11,6MB 5.0.6 CyberLink YouCam CyberLink Corp. 23.12.2010 77,2MB 2.0.3911 DivX-Setup DivX, LLC 22.05.2011 2.5.0.8 Dropbox Dropbox, Inc. 15.10.2011 1.1.45 Easy Content Share Samsung Electronics Co., LTD 06.09.2010 12,5MB 1.0 Easy Display Manager Samsung Electronics Co., Ltd. 06.09.2010 3.2 Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 06.09.2010 2.1.0.15 EasyBatteryManager Samsung 06.09.2010 4.0.0.4 ESET Online Scanner v3 03.02.2012 Fast Start SAMSUNG 06.09.2010 2.2.0.0 Foxit Reader 5.0 Foxit Corporation 27.08.2011 24,9MB 5.0.2.718 Free Video to MP3 Converter version 5.0.3.1206 DVDVideoSoft Ltd. 29.12.2011 52,3MB Game Flow Analysis Tool 1.0.0.29 Ralf Armin Böttcher 08.01.2012 1.0.0.29 Game Pack Oberon Media, Inc. 
23.12.2010 6.3.1.1 GIMP 2.6.11 The GIMP Team 16.10.2011 107,7MB 2.6.11 Google Calendar Sync 19.10.2011 GTA2 28.12.2010 1.00.001 HP Customer Participation Program 13.0 HP 26.12.2010 13.0 HP Imaging Device Functions 13.0 HP 26.12.2010 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. A HP 18.09.2011 13.0 HP Photosmart Essential 3.5 HP 18.09.2011 3.5 HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP 26.12.2010 13.0 HP Smart Web Printing 4.51 HP 26.12.2010 4.51 HP Solution Center 13.0 HP 26.12.2010 13.0 HP Update Hewlett-Packard 26.12.2010 3,73MB 4.000.011.006 ImgBurn LIGHTNING UK! 03.09.2011 2.5.5.0 Intel(R) Graphics Media Accelerator Driver Intel Corporation 06.09.2010 54,3MB 8.14.10.2117 Intel® Matrix Storage Manager Intel Corporation 06.09.2010 Internet-TV für Windows Media Center Microsoft Corporation 25.12.2010 13,7MB 4.2.2.0 IrfanView (remove only) Irfan Skiljan 28.12.2010 1,50MB 4.28 Java(TM) 6 Update 26 Oracle 21.03.2011 95,0MB 6.0.260 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 04.02.2012 17,3MB 1.60.1.1000 Marvell Miniport Driver Marvell 06.09.2010 11.24.27.3 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.06.2011 38,8MB 4.0.30320 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.06.2011 2,94MB 4.0.30320 Microsoft Office Home and Student 2010 Microsoft Corporation 07.07.2011 14.0.6029.1000 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 28.12.2010 14.0.4763.1000 Microsoft Office Professional Plus 2010 Microsoft Corporation 07.07.2011 14.0.6029.1000 Microsoft Outlook Social Connector Provider for Facebook 32-bit Microsoft Corporation 14.06.2011 0,22MB 14.0.5117.5000 Microsoft Silverlight Microsoft Corporation 26.10.2011 140,1MB 4.0.60831.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.12.2010 1,72MB 3.1.0000 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 
16.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.06.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.09.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.10.2011 16,5MB 10.0.40219 Movie Color Enhancer Samsung Electronics Co., Ltd. 06.09.2010 1.0 Mozilla Firefox 7.0.1 (x86 de) Mozilla 23.10.2011 33,4MB 7.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24.12.2010 37,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.12.2010 1,33MB 4.20.9876.0 MultimediaPOP 06.09.2010 1.1 NewFreeScreensaver nfsClockHDAzure 28.12.2010 10,4MB Nvu 1.0 Thorsten Fritz 21.11.2011 1.0 OCR Software by I.R.I.S. 13.0 HP 26.12.2010 13.0 Opera 11.60 Opera Software ASA 10.12.2011 11.60.1185 PamFax Scendix Software GmbH 18.06.2011 25,4MB 3.2.0.6 PamFax Office Integration Scendix Software GmbH 18.06.2011 3,17MB 1.0.0.3 PamFaxOutlookAddIn2010 PamFaxOutlookAddIn2010 19.10.2011 PDFCreator Frank Heindörfer, Philip Chinery 25.04.2011 1.2.0 pdfforge Toolbar v4.6 Spigot, Inc. 27.08.2011 3,17MB 4.6 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.12.2010 6.0.1.6210 Samsung Recovery Solution 5 Samsung 06.09.2010 5.0.0.7 Samsung Support Center 1.0 Samsung 06.11.2011 83,8MB 1.1.38 Samsung Universal Print Driver Samsung Electronics Co., Ltd. 23.12.2010 2.01.06.00:16 Samsung Universal Scan Driver Samsung Electronics Co., Ltd. 23.12.2010 1.2.1.0 Samsung Update Plus Samsung Electronics Co., Ltd. 20.12.2011 3.0.1.17 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 17.08.2011 45,3MB 1.4.2.2 Scribus 1.3.3.14 The Scribus Team 10.01.2012 1.3.3.14 Shop for HP Supplies HP 26.12.2010 13.0 Skype™ 4.2 Skype Technologies S.A. 
23.12.2010 31,7MB 4.2.169 SpeedFan (remove only) 28.12.2010 Synaptics Pointing Device Driver Synaptics Incorporated 08.10.2011 46,4MB 15.3.22.0 Total Commander (Remove or Repair) Ghisler Software GmbH 25.12.2010 7.56a TubeBox! Jens Lorek 14.11.2011 13,1MB 3.4.6 TuneUp Utilities 2012 TuneUp Software 19.01.2012 12.0.2160.11 VLC media player 1.1.11 VideoLAN 09.10.2011 1.1.11 Vodafone Mobile Connect Lite Vodafone 29.12.2010 25,4MB 9.4.3.17550 Voxware Audio decoder 1.6 27.08.2011 1.6.0 WIDCOMM Bluetooth Software Broadcom Corporation 23.12.2010 118,6MB 6.3.0.6200 Win7codecs Shark007 27.12.2010 66,7MB 2.7.0 Windows Live Essentials Microsoft Corporation 25.12.2010 15.4.3508.1109 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 24.12.2010 5,58MB 15.4.5722.2 Windows Live Sync Microsoft Corporation 23.12.2010 2,79MB 14.0.8117.416 Windows Media Center Add-in for Silverlight Microsoft Corporation 25.12.2010 0,24MB 4.7.3.0 Windows Media Player Firefox Plugin Microsoft Corp 25.12.2010 0,59MB 1.0.0.8 WinRAR 25.12.2010 Yahoo! Toolbar 18.09.2011 YouTube Downloader 3.5 BienneSoft 28.12.2011 YouTube Downloader Toolbar v4.5 Spigot, Inc. 11.07.2011 2,62MB 4.5 |
06.02.2012, 16:19 | #4 |
/// Helper Team | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
1. Runs on XP, Vista (32-bit) and Windows 7 (32-bit). Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It is NOT sensible to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool, GMER:
** no connection to any network or the Internet (don't forget WLAN). When the scan has finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner
2. Check with MBR -t whether the Master Boot Record is intact (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
__________________
Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
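Step 2 above asks for an MBR-rootkit check. The following Python script is an added example (it is not the MBR.exe tool the helper refers to, nor code from this thread) showing what such a check actually looks at on a classic 512-byte MBR: the 0x55AA boot signature, the four partition entries, and whether the boot code in the first 440 bytes still matches a baseline hash taken when the machine was known to be clean. It also shows the user-mode versus kernel-mode comparison that the mbr.exe log later in the thread reports as "user & kernel MBR OK". The sample MBR bytes, the stand-in boot code and the baseline are constructed for the demonstration.

```python
"""Check a Master Boot Record the way an MBR-rootkit check does.

Added example: not the MBR.exe tool from the post and not the thread's own
code. Sample MBR bytes below are constructed, not read from a real disk.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code; 440..443 disk signature; 444..445 reserved
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4), little-endian
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code region only; the partition table may legitimately change."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Return the findings a responder wants: signature, boot-code match, partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_matches_baseline": boot_code_hash(mbr) == baseline_hash,
        "partitions": parse_partitions(mbr),
    }


def views_agree(user_view: bytes, kernel_view: bytes) -> bool:
    """mbr.exe reads sector 0 through the normal user-mode path and again lower
    in the kernel storage stack; a rootkit hooking the upper path hands the
    first read a clean fake copy, so the two views differ."""
    return user_view == kernel_view


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS partition, valid signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig_and_reserved = b"\x12\x34\x56\x78" + b"\x00\x00"
    entries = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    entries += b"\x00" * (16 * 3)  # remaining three slots empty
    return code + disk_sig_and_reserved + entries + BOOT_SIGNATURE


CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007cfb")          # constructed stand-in for a clean loader prefix
TAMPERED_BOOT_CODE = bytes.fromhex("ebfe") + CLEAN_BOOT_CODE  # constructed: jump patched in ahead of the original code


def demo() -> dict:
    clean = make_sample_mbr(CLEAN_BOOT_CODE)
    baseline = boot_code_hash(clean)          # recorded while the system was known clean
    tampered = make_sample_mbr(TAMPERED_BOOT_CODE)
    return {
        "clean": check_mbr(clean, baseline),
        "tampered": check_mbr(tampered, baseline),
        # A hooked read path gives user mode the clean copy while the disk holds the tampered one.
        "views_agree_when_hooked": views_agree(clean, tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of hashing only the boot-code region is that a partition table edit (resizing, a new recovery partition) is a legitimate change, whereas the loader bytes on a stable Windows install are not; a bootkit such as the TDL4 family the tool's banner names replaces exactly those bytes and stores the original sector elsewhere so the system still boots.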
07.02.2012, 09:59 | #5 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert GMER: Code:
GMER Logfile:
MBR Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601
Disk: Hitachi_ rev.ESBO -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8283F52A] -> \Device\Harddisk0\DR0[0x8622D7C8]
3 CLASSPNP[0x88DA859E] -> ntkrnlpa!IofCallDriver[0x8283F52A] -> \Device\Ide\IAAStorageDevice-0[0x85768028]
kernel: MBR read successfully
user & kernel MBR OK
Regards |
07.02.2012, 18:10 | #6 | |
/// Helper Team | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
1. Uninstall under `Control Panel -> Software/Programs: Code:
pdfforge Toolbar <- adware toolbar
YouTube Downloader Toolbar <- unnecessary
Always choose the custom installation, not the default installation, because otherwise things often get installed along with it that you don't need or don't want. When installing, always read the license terms, and don't immediately tick every box or leave pre-ticked boxes set, because that is how you agree to other "third-party programs" or even adware (advertising pop-ups) from partner programs, sponsors etc. being installed alongside, since that is how freeware is financed. Several others belong in this category, e.g.: -> Uninstall unwanted toolbars
2. Quote:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=15788
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\PR\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll File not found
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Users\PR\Documents\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3040.dll File not found
[2010/09/28 21:39:14 | 000,002,333 | ---- | M] () -- C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\1dvofzno.default\searchplugins\askcom.xml
[2011/10/24 14:44:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/24 14:44:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12e643ba-60e0-11e0-952a-002454eed034}\Shell - "" = AutoRun
O33 - MountPoints2\{12e643ba-60e0-11e0-952a-002454eed034}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell - "" = AutoRun
O33 - MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{eb3c120e-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun
O33 - MountPoints2\{eb3c120e-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{eb3c12a4-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun
O33 - MountPoints2\{eb3c12a4-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{eb3c1320-1362-11e0-b546-4cedde06f53c}\Shell - "" = AutoRun
O33 - MountPoints2\{eb3c1320-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2012/02/04 14:39:05 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Wya
[2012/02/04 14:39:05 | 000,000,000 | ---D | C] -- C:\Users\PR\AppData\Roaming\Usevasi
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 143 bytes -> C:\Users\PR\AppData\Roaming\default.rss:OECustomProperty
:Commands
[purity]
[emptytemp]
3. Run another scan with OTL:
4. Your Java version is not up to date! → Download the offline version of Java Version 6 Update 30 from Oracle. Make sure to deselect any toolbars that are offered (remove the checkmark next to the toolbar)!
5. Update Firefox:
Code:
Mozilla Firefox 7.0.1
6. Clean your system with CCleaner:
7.
8. Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored with regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off altogether. ►Instructions
9. -> Then run a complete system check with the Eset Online Scanner (NOD32), a free online scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► Report back on the state of the computer: do problems still occur, and if so, which ones?
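As an added example (not part of this thread and not OTL's own code), a small Python parser that pulls the O33 MountPoints2 AutoRun commands and the @Alternate Data Stream entries out of OTL report lines of the shape quoted in the fix above, so a helper can see at a glance which removable-media launchers and which streams the fix will remove. The sample lines are constructed in the same format as the thread's entries.

```python
import re

# Constructed sample: OTL lines in the same shape as the O33 and
# Alternate Data Stream entries quoted in this thread.
SAMPLE_OTL = r"""
O33 - MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell - "" = AutoRun
O33 - MountPoints2\{82847725-24f7-11e0-a617-4cedde06f53c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{eb3c120e-1362-11e0-b546-4cedde06f53c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 143 bytes -> C:\Users\PR\AppData\Roaming\default.rss:OECustomProperty
"""

# O33 lines name the per-volume MountPoints2 key (a GUID or a drive letter); the
# \AutoRun\command subkey holds what Explorer would run when the volume is opened.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# @Alternate Data Stream lines give the stream size and "<file>:<stream name>".
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


def parse_otl(text):
    """Return ({volume key: autorun command}, [ADS records]) from OTL report lines."""
    autorun, streams = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = O33_CMD.match(line)
        if m:
            autorun[m.group('vol')] = m.group('cmd')
            continue
        m = ADS.match(line)
        if m:
            # rpartition keeps the drive colon with the file and splits off the stream name
            file, _, stream = m.group('path').rpartition(':')
            streams.append({'file': file, 'stream': stream, 'bytes': int(m.group('size'))})
    return autorun, streams


def triage(text):
    """Group AutoRun commands by executable (one stick shows up under several GUIDs,
    so one launcher yields many O33 lines). Returns ({executable: [volume keys]}, [ADS])."""
    autorun, streams = parse_otl(text)
    by_exe = {}
    for vol, cmd in autorun.items():
        exe = cmd.split(' ', 1)[0]          # path before the first argument
        by_exe.setdefault(exe, []).append(vol)
    return by_exe, streams
```

Calling `triage(SAMPLE_OTL)` on the sample groups the two setup_vmc_lite.exe entries under one executable and lists both alternate data streams with their host files.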