![]() |
Log-Analyse und Auswertung: Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
![]() | #1 |
| ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? Hallo, auf meinem Bildschirm an LapTop kommt seit einer guten Stunde immer die Nachricht das ich 50€ Zahlen muss . Ich habe schon in Foren gelesen , dass es sich um einen Trojaner handelt. Ich bitte um Hilfe damit der schnell weggeht :-) Gruß Holthi |
![]() | #2 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? hi
__________________neustart, f8 drücken abgesicherter modus mit netzwerk wählen, im betroffenen konto anmelden. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
![]() | #3 |
| ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? Muss ich f8 direkt beim Hochfahren drücken ? Weil bei der Desktopansicht kommt wieder der Schwarze Bildschirm.
__________________ |
![]() | #4 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? ne, beim neustarten direkt ein paar mal drücken
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #5 |
| ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? jetzt kann ich aber kein OTL runterladen . OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2012 16:29:30 - Run 1 OTL by OldTimer - Version Folder = C:\Users\F&H Mitarbeiter\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,74 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 75,50% Memory free 3,48 Gb Paging File | 3,10 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,95 Gb Total Space | 71,41 Gb Free Space | 51,39% Space Free | Partition Type: NTFS Drive D: | 139,04 Gb Total Space | 138,93 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PC-FISCHER | User Name: F&H Mitarbeiter | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business "{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{32E2F180-247C-4077-B06A-20F9868568E1}_is1" = UltraMixer "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5783F2D6-7028-0407-0000-0060B0CE6BBA}" = DWG TrueView 2009 "{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{903B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002 "{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "7-Zip" = 7-Zip 4.57 "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface Service "Autodesk Express Viewer" = Autodesk Express Viewer "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CdaC13Ba" = SafeCast Shared Components "DivX Setup" = DivX-Setup "DWG TrueView 2009" = DWG TrueView 2009 "Elantech" = ETDWare PS/2-x86 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "I.R.I.S. Desktop Search" = I.R.I.S. Desktop Search "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "Keyboard Music_is1" = Keyboard Music 2.4 "LManager" = Launch Manager "McAfeeBrowserProtection" = McAfee Browser Protection Service "MVS" = McAfee Virus and Spyware Protection Service "Synthesia" = Synthesia (remove only) "TeamViewer 7" = TeamViewer 7 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.02.2012 14:56:14 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.02.2012 15:45:23 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.03.2012 09:53:42 | Computer Name = PC-Fischer | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_virtual-dj-free-home-edition.exe, Version:, Zeitstempel: 0x4f2166d3 Name des fehlerhaften Moduls: igdumd32.dll, Version:, Zeitstempel: 0x4bb3cf11 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000165f6 ID des fehlerhaften Prozesses: 0x12c8 Startzeit der fehlerhaften Anwendung: 0x01ccf94508fb16b6 Pfad der fehlerhaften Anwendung: C:\Users\F&H Mitarbeiter\Downloads\SoftonicDownloader_fuer_virtual-dj-free-home-edition.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll Berichtskennung: 491f9850-6538-11e1-a18e-88ae1d9e70a4 Error - 03.03.2012 09:53:56 | Computer Name = PC-Fischer | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SoftonicDownloader_fuer_virtual-dj-free-home-edition.exe, Version:, Zeitstempel: 0x4f2166d3 Name des fehlerhaften Moduls: igdumd32.dll, Version:, Zeitstempel: 0x4bb3cf11 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000165f6 ID des fehlerhaften Prozesses: 0x101c Startzeit der fehlerhaften Anwendung: 0x01ccf94512d8de32 Pfad der fehlerhaften Anwendung: C:\Users\F&H Mitarbeiter\Downloads\SoftonicDownloader_fuer_virtual-dj-free-home-edition.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\igdumd32.dll Berichtskennung: 515c53e0-6538-11e1-a18e-88ae1d9e70a4 Error - 03.03.2012 09:56:28 | Computer Name = PC-Fischer | Source = VSS | ID = 8194 Description = Error - 04.03.2012 06:05:59 | Computer Name = PC-Fischer | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 145c Startzeit: 01ccf9ee3a489d52 Endzeit: 16 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 9d37792e-65e1-11e1-b2e9-88ae1d9e70a4 Error - 04.03.2012 17:03:59 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.03.2012 13:54:12 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.03.2012 13:38:01 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 13.03.2012 17:23:02 | Computer Name = PC-Fischer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 28.06.2011 07:11:08 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 13:11:04 - Fehler beim Herstellen der Internetverbindung. 13:11:04 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2011 15:25:53 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 21:25:53 - Fehler beim Herstellen der Internetverbindung. 21:25:53 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2011 15:26:03 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 21:25:59 - Fehler beim Herstellen der Internetverbindung. 21:25:59 - Serververbindung konnte nicht hergestellt werden.. Error - 01.07.2011 14:08:57 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 20:08:57 - Fehler beim Herstellen der Internetverbindung. 20:08:57 - Serververbindung konnte nicht hergestellt werden.. Error - 01.07.2011 14:09:11 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 20:09:03 - Fehler beim Herstellen der Internetverbindung. 20:09:03 - Serververbindung konnte nicht hergestellt werden.. Error - 05.07.2011 11:23:48 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 17:23:47 - Fehler beim Herstellen der Internetverbindung. 17:23:47 - Serververbindung konnte nicht hergestellt werden.. Error - 05.07.2011 11:24:00 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 17:23:53 - Fehler beim Herstellen der Internetverbindung. 17:23:53 - Serververbindung konnte nicht hergestellt werden.. Error - 10.07.2011 07:46:24 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 13:46:24 - Fehler beim Herstellen der Internetverbindung. 13:46:24 - Serververbindung konnte nicht hergestellt werden.. Error - 10.07.2011 07:46:33 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 13:46:29 - Fehler beim Herstellen der Internetverbindung. 13:46:29 - Serververbindung konnte nicht hergestellt werden.. Error - 10.07.2011 10:11:52 | Computer Name = PC-Fischer | Source = MCUpdate | ID = 0 Description = 16:11:24 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) [ System Events ] Error - 22.03.2012 11:26:24 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:26:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:26:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:26:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:40 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:40 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:40 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.03.2012 11:31:58 | Computer Name = PC-Fischer | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2012 16:29:30 - Run 1 OTL by OldTimer - Version Folder = C:\Users\F&H Mitarbeiter\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,74 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 75,50% Memory free 3,48 Gb Paging File | 3,10 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,95 Gb Total Space | 71,41 Gb Free Space | 51,39% Space Free | Partition Type: NTFS Drive D: | 139,04 Gb Total Space | 138,93 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PC-FISCHER | User Name: F&H Mitarbeiter | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.22 16:28:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\F&H Mitarbeiter\Downloads\OTL.exe PRC - [2012.03.08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe PRC - [2012.03.07 19:15:46 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe PRC - [2011.07.19 08:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.07 19:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll MOD - [2012.03.07 19:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.02.11 18:23:26 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai) SRV - [2011.11.28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.08.25 13:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer) SRV - [2011.08.25 13:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc) SRV - [2011.08.03 15:54:28 | 000,166,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.07.19 08:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2011.05.12 10:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service) SRV - [2011.01.24 17:00:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.01.19 12:04:59 | 000,054,784 | ---- | M] (Macrovision) [Auto | Stopped] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2010.04.23 09:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.04.08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.03.26 09:40:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.11.02 11:48:12 | 000,099,728 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2011.07.19 08:57:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.07.19 08:57:00 | 000,180,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.07.19 08:57:00 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.07.19 08:57:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.07.19 08:57:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.07.19 08:57:00 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.07.19 08:57:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.01.19 12:04:59 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2010.04.22 06:44:22 | 000,189,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.03.21 10:59:04 | 000,275,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2010.03.15 10:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2010.03.15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2010.03.15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2010.03.15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2010.03.15 10:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2010.03.15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2010.03.15 10:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2010.02.27 00:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010.02.03 14:36:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.11.02 11:45:44 | 000,014,808 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.09.15 05:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = hxxp://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1Qzuzzzz0A0EtC0Dzy0EyBtD0AyE0B0FyE0BtBtN0D0TzutBtDtCtCtDzztDyB&cr=467016097 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\F&H Mitarbeiter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011.08.24 20:20:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.09.10 20:23:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.17 19:38:42 | 000,000,000 | ---D | M] [2012.03.22 15:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.01.24 16:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.25 21:50:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110909192905.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\F&H Mitarbeiter\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\F&H Mitarbeiter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [SkypePM] C:\Users\F&H Mitarbeiter\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O4 - Startup: C:\Users\F&H Mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\F&H Mitarbeiter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D47772F-E224-4A0E-B57D-14D67966D1A1}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{582A743E-C9AF-4DA9-9F0F-A08F14769316}: DhcpNameServer = O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ISLAlwaysOn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.28 18:44:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.15 17:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA [2012.03.15 17:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2012.03.14 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Local\CrashRpt [2012.03.14 13:36:21 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 13:36:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.14 13:36:14 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.14 13:36:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 13:36:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.14 13:36:06 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.14 13:35:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.14 13:35:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 13:35:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 13:35:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.13 20:17:16 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\BitTorrent [2012.03.13 20:08:42 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\TeamViewer [2012.03.11 09:28:45 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Local\ElevatedDiagnostics [2012.03.10 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\Documents\ICQ [2012.03.07 21:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.07 21:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.07 21:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.07 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.03.07 17:01:42 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\ICQ [2012.03.07 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7 [2012.03.03 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\Synthesia [2012.03.03 14:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia [2012.03.03 14:57:13 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\Documents\Synthesia Music [2012.03.03 14:57:10 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012.03.03 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia [2012.03.03 14:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard Music 2.4 [2012.03.03 14:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Keyboard Music 2.4 [2012.03.03 00:27:53 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\UltraMixer [2012.03.03 00:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer [2012.03.03 00:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMixer [2012.03.03 00:16:17 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\Systweak [2012.03.03 00:16:14 | 000,017,280 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.22 16:17:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.22 16:17:01 | 1401,978,880 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 15:40:05 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 15:40:05 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 17:17:02 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3071043470-1686766199-1502421412-1007UA.job [2012.03.18 20:17:01 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3071043470-1686766199-1502421412-1007Core.job [2012.03.15 17:07:47 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2012.03.14 21:09:54 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.14 20:55:28 | 000,391,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 14:06:02 | 000,001,696 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\iw4mpOLD - Verknüpfung.lnk [2012.03.13 20:10:30 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.03.13 16:35:39 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.13 16:35:39 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.13 16:35:39 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.13 16:35:39 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.07 21:30:20 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 17:02:13 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2012.03.03 14:56:09 | 003,762,733 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\Synthesia-0.8.1-installer.exe [2012.03.03 01:30:50 | 000,148,860 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012.03.03 00:27:39 | 000,000,957 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\UltraMixer.lnk [2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.15 17:07:47 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2012.03.14 14:06:02 | 000,001,696 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\iw4mpOLD - Verknüpfung.lnk [2012.03.13 20:10:31 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.03.13 20:10:30 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.03.07 21:30:20 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 17:02:13 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2012.03.03 14:56:02 | 003,762,733 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\Synthesia-0.8.1-installer.exe [2012.03.03 00:27:39 | 000,000,957 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\UltraMixer.lnk [2011.10.20 14:39:44 | 000,148,860 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.07.31 16:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.06 16:22:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.01.25 17:00:41 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.01.21 16:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2011.01.19 14:06:41 | 000,000,144 | ---- | C] () -- C:\Windows\Readiris.ini [2011.01.19 08:56:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.19 08:56:53 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.09.24 04:47:57 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.09.24 04:47:57 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.09.24 04:47:57 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.09.24 04:47:57 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.09.23 19:06:13 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll [2010.09.23 19:06:13 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.09.23 19:06:13 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.09.23 19:06:13 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2010.09.23 19:06:13 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.09.23 19:06:13 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.09.23 19:03:37 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2010.09.23 19:03:37 | 000,026,448 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2010.09.23 19:03:37 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010.09.23 19:03:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010.05.11 06:12:33 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.05.11 06:12:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.05.11 06:12:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.05.11 06:12:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.05.11 06:12:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.05.11 06:12:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.05.11 06:12:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2012 16:29:30 - Run 1 OTL by OldTimer - Version Folder = C:\Users\F&H Mitarbeiter\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,74 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 75,50% Memory free 3,48 Gb Paging File | 3,10 Gb Available in Paging File | 89,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,95 Gb Total Space | 71,41 Gb Free Space | 51,39% Space Free | Partition Type: NTFS Drive D: | 139,04 Gb Total Space | 138,93 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PC-FISCHER | User Name: F&H Mitarbeiter | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.22 16:28:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\F&H Mitarbeiter\Downloads\OTL.exe PRC - [2012.03.08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe PRC - [2012.03.07 19:15:46 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe PRC - [2011.07.19 08:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.07 19:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll MOD - [2012.03.07 19:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.02.11 18:23:26 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai) SRV - [2011.11.28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.08.25 13:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer) SRV - [2011.08.25 13:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc) SRV - [2011.08.03 15:54:28 | 000,166,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.07.19 08:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2011.05.12 10:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service) SRV - [2011.01.24 17:00:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.01.19 12:04:59 | 000,054,784 | ---- | M] (Macrovision) [Auto | Stopped] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2010.04.23 09:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.04.08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.03.26 09:40:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.11.02 11:48:12 | 000,099,728 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2011.07.19 08:57:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.07.19 08:57:00 | 000,180,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.07.19 08:57:00 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.07.19 08:57:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.07.19 08:57:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.07.19 08:57:00 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.07.19 08:57:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.01.19 12:04:59 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2010.04.22 06:44:22 | 000,189,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.03.21 10:59:04 | 000,275,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2010.03.15 10:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2010.03.15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2010.03.15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2010.03.15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2010.03.15 10:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2010.03.15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2010.03.15 10:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2010.02.27 00:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010.02.03 14:36:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.11.02 11:45:44 | 000,014,808 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.09.15 05:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = hxxp://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1Qzuzzzz0A0EtC0Dzy0EyBtD0AyE0B0FyE0BtBtN0D0TzutBtDtCtCtDzztDyB&cr=467016097 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\F&H Mitarbeiter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011.08.24 20:20:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.09.10 20:23:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.17 19:38:42 | 000,000,000 | ---D | M] [2012.03.22 15:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.01.24 16:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.25 21:50:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110909192905.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\F&H Mitarbeiter\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\F&H Mitarbeiter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [SkypePM] C:\Users\F&H Mitarbeiter\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O4 - Startup: C:\Users\F&H Mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\F&H Mitarbeiter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D47772F-E224-4A0E-B57D-14D67966D1A1}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{582A743E-C9AF-4DA9-9F0F-A08F14769316}: DhcpNameServer = O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ISLAlwaysOn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.28 18:44:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.15 17:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA [2012.03.15 17:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2012.03.14 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Local\CrashRpt [2012.03.14 13:36:21 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 13:36:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.14 13:36:14 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.14 13:36:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 13:36:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.14 13:36:06 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.14 13:35:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.14 13:35:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 13:35:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 13:35:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.13 20:17:16 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\BitTorrent [2012.03.13 20:08:42 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\TeamViewer [2012.03.11 09:28:45 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Local\ElevatedDiagnostics [2012.03.10 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\Documents\ICQ [2012.03.07 21:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.07 21:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.07 21:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.07 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.03.07 17:01:42 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\ICQ [2012.03.07 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7 [2012.03.03 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\Synthesia [2012.03.03 14:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia [2012.03.03 14:57:13 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\Documents\Synthesia Music [2012.03.03 14:57:10 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012.03.03 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia [2012.03.03 14:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard Music 2.4 [2012.03.03 14:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Keyboard Music 2.4 [2012.03.03 00:27:53 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\UltraMixer [2012.03.03 00:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer [2012.03.03 00:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMixer [2012.03.03 00:16:17 | 000,000,000 | ---D | C] -- C:\Users\F&H Mitarbeiter\AppData\Roaming\Systweak [2012.03.03 00:16:14 | 000,017,280 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.22 16:17:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.22 16:17:01 | 1401,978,880 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 15:40:05 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 15:40:05 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 17:17:02 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3071043470-1686766199-1502421412-1007UA.job [2012.03.18 20:17:01 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3071043470-1686766199-1502421412-1007Core.job [2012.03.15 17:07:47 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2012.03.14 21:09:54 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.14 20:55:28 | 000,391,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 14:06:02 | 000,001,696 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\iw4mpOLD - Verknüpfung.lnk [2012.03.13 20:10:30 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.03.13 16:35:39 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.13 16:35:39 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.13 16:35:39 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.13 16:35:39 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.07 21:30:20 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 17:02:13 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2012.03.03 14:56:09 | 003,762,733 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\Synthesia-0.8.1-installer.exe [2012.03.03 01:30:50 | 000,148,860 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012.03.03 00:27:39 | 000,000,957 | ---- | M] () -- C:\Users\F&H Mitarbeiter\Desktop\UltraMixer.lnk [2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.15 17:07:47 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2012.03.14 14:06:02 | 000,001,696 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\iw4mpOLD - Verknüpfung.lnk [2012.03.13 20:10:31 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.03.13 20:10:30 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.03.07 21:30:20 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 17:02:13 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2012.03.03 14:56:02 | 003,762,733 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\Synthesia-0.8.1-installer.exe [2012.03.03 00:27:39 | 000,000,957 | ---- | C] () -- C:\Users\F&H Mitarbeiter\Desktop\UltraMixer.lnk [2011.10.20 14:39:44 | 000,148,860 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.07.31 16:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.06 16:22:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.01.25 17:00:41 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.01.21 16:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2011.01.19 14:06:41 | 000,000,144 | ---- | C] () -- C:\Windows\Readiris.ini [2011.01.19 08:56:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.19 08:56:53 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.09.24 04:47:57 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.09.24 04:47:57 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.09.24 04:47:57 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.09.24 04:47:57 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.09.23 19:06:13 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll [2010.09.23 19:06:13 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.09.23 19:06:13 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.09.23 19:06:13 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2010.09.23 19:06:13 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.09.23 19:06:13 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.09.23 19:03:37 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2010.09.23 19:03:37 | 000,026,448 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2010.09.23 19:03:37 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.09.23 19:03:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010.09.23 19:03:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010.05.11 06:12:33 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.05.11 06:12:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.05.11 06:12:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.05.11 06:12:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.05.11 06:12:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.05.11 06:12:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.05.11 06:12:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config < End of report > |
![]() | #6 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? hi ist das nen firmen pc? wegen dem nutzernamen frag ich. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [SkypePM] C:\Users\FH Mitarbeiter\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) :Files C:\Users\FH Mitarbeiter\AppData\Local\Skype :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die ![]()
__________________ --> Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? |
![]() |
Themen zu Schwarzer Bildschirm , 50€ Zahlen , was ist passiert ? |
50€ zahlen, bildschirm, bildschirm an, bitte um hilfe, foren, guten, laptop, nachricht, schnell, schwarzer, schwarzer bildschirm, stunde, troja, trojaner, zahlen |