Log analysis and evaluation: Bundespolizei trojan / ch810.exe error message (Windows 7)
16.04.2012, 10:52 | #1 |
| Bundespolizei trojan / ch810.exe error message
Hello everyone,
a few days ago I apparently caught a trojan by clicking on an internet link: MS IE opened (which I don't otherwise use) along with a window I could not get around, in which the Bundespolizei (Federal Police) supposedly imposed a fine and wanted to collect it. The Task Manager could still be started by keyboard shortcut, but it did not come to the foreground (which I could briefly see while shutting down). I was able to shut the computer down via the keyboard, but on restart the screen came back. Out of frustration I left the machine switched off for a day or two. After that, the Bundespolizei screen no longer appeared on restart, only an error message "Problem beim Starten von C:\Users\KONFIG~1\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden." The message can be clicked away, but since then it appears at every startup. The problem is limited to the logged-in user.
I tried to look around for information on the trojan's damage potential but found nothing. I have not made any attempts to kill the trojan with on-board tools. A while ago, with my old computer, I got a small glimpse thanks to Trojaner-Board (great help back then!) of how tricky that can be; despite a certain affinity for technology, it is really over my head. I would be very glad if someone could help me get rid of this damn thing. Many thanks in advance.
Here come the log files (I think you could somehow mark this as a quote, but I no longer know how). Best regards
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Konfiguration at 10:55:32 on 2012-04-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2438 [GMT 2:00] . 
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WUDFHost.exe C:\Windows\Explorer.EXE C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\Common Files\Java\Java 
Update\jusched.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.aldi.com uDefault_Page_URL = hxxp://www.aldi.com BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup StartupFolder: 
c:\users\konfig~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\ch8l0e~1.lnk - c:\windows\system32\rundll32.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5426975B-F785-4627-B2B1-8176017CD259} : DhcpNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo 
gallery\AlbumDownloadProtocolHandler.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\konfiguration\appdata\roaming\mozilla\firefox\profiles\89e6vabj.default\ FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll FF - plugin: c:\windows\system32\wat\npWatWeb.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 62592] R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 24192] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-29 176128] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-21 2280312] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-29 6472192] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-29 228352] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-9-24 102416] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 
43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 603240] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-5-21 25088] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-11-12 30464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253088] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-6 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040] . =============== Created Last 30 ================ . 
2012-04-16 06:42:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{75b23c02-da13-4735-a103-e84499d2048d}\mpengine.dll 2012-04-09 07:08:28 -------- d-----w- c:\users\konfiguration\.thumbnails 2012-04-09 07:06:27 -------- d-----w- c:\users\konfiguration\.gimp-2.6 2012-04-09 07:05:54 -------- d-----w- c:\program files\GIMP-2.0 2012-03-30 05:30:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-18 06:40:30 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-03-18 06:40:30 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll . ==================== Find3M ==================== . 2012-04-13 20:17:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-09 16:27:49 1056 --sha-w- c:\programdata\KGyGaAvL.sys 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 10:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-25 05:44:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:44:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll . ============= FINISH: 10:56:27,04 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 09.04.2011 15:21:27 System Uptime: 16.04.2012 08:32:02 (2 hours ago) . Motherboard: MEDIONPC | | MS-7646 Processor: AMD Athlon(tm) II X3 440 Processor | CPU 1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 900 GiB total, 741,988 GiB free. D: is FIXED (NTFS) - 30 GiB total, 12,519 GiB free. 
E: is CDROM (CDFS) G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP102: 20.11.2011 14:30:18 - Windows Update RP103: 24.11.2011 06:44:52 - Windows Update RP104: 27.11.2011 20:41:53 - Windows Update RP105: 01.12.2011 10:12:48 - Windows Update RP106: 05.12.2011 19:52:57 - Windows Update RP107: 10.12.2011 08:36:53 - Windows Update RP108: 14.12.2011 06:55:42 - Windows Update RP109: 15.12.2011 22:58:38 - Windows Update RP110: 18.12.2011 11:34:01 - Installed HTC Sync. RP111: 20.12.2011 13:31:30 - Windows Update RP112: 24.12.2011 11:46:09 - Windows Update RP113: 27.12.2011 17:05:32 - Windows Update RP114: 31.12.2011 10:15:54 - Windows Update RP115: 04.01.2012 08:56:24 - Windows Update RP116: 07.01.2012 21:30:21 - Windows Update RP117: 11.01.2012 07:44:12 - Windows Update RP118: 12.01.2012 01:30:42 - Windows Update RP119: 15.01.2012 20:17:25 - Windows Update RP120: 19.01.2012 11:25:03 - Windows Update RP121: 23.01.2012 09:40:01 - Windows Update RP122: 27.01.2012 18:01:11 - Windows Update RP123: 30.01.2012 23:00:29 - Windows Update RP124: 04.02.2012 19:10:47 - Windows Update RP125: 08.02.2012 07:22:24 - Windows Update RP126: 11.02.2012 22:17:35 - Windows Update RP127: 15.02.2012 01:19:11 - Windows Update RP128: 17.02.2012 00:07:40 - Windows Update RP129: 20.02.2012 19:54:03 - Windows Update RP130: 24.02.2012 22:03:56 - Windows Update RP131: 28.02.2012 07:46:22 - Windows Update RP132: 02.03.2012 21:18:01 - Windows Update RP133: 07.03.2012 07:07:39 - Windows Update RP134: 10.03.2012 20:44:35 - Windows Update RP135: 14.03.2012 21:14:45 - Windows Update RP136: 15.03.2012 03:00:16 - Windows Update RP137: 18.03.2012 08:29:28 - Installed HTC Sync. 
RP138: 19.03.2012 07:42:24 - Windows Update RP139: 22.03.2012 09:42:50 - Windows Update RP140: 26.03.2012 02:44:29 - Windows Update RP141: 28.03.2012 02:08:44 - Windows Update RP142: 31.03.2012 09:31:00 - Windows Update RP143: 04.04.2012 09:30:44 - Windows Update RP144: 07.04.2012 13:46:00 - Windows Update RP146: 07.04.2012 19:19:23 - Microsoft Antimalware Checkpoint RP147: 11.04.2012 02:01:47 - Windows Update RP148: 14.04.2012 09:15:08 - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Deutsch Adobe Shockwave Player 11.5 ATI Catalyst Install Manager CanoScan Toolbox Ver4.9 Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Norwegian CCC Help Spanish CCC Help Swedish CCleaner Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas CorelDRAW Essentials 4 CorelDRAW Essentials 4 - Content CorelDRAW Essentials 4 - Draw CorelDRAW Essentials 4 - Filters CorelDRAW Essentials 4 - ICA CorelDRAW Essentials 4 - IPM - No VBA CorelDRAW Essentials 4 - Lang BR CorelDRAW Essentials 4 - Lang DE CorelDRAW Essentials 4 - Lang EN CorelDRAW Essentials 4 - Lang ES CorelDRAW Essentials 4 - Lang FR CorelDRAW Essentials 4 - Lang IT CorelDRAW Essentials 4 - Lang NL CorelDRAW Essentials 4 - PHOTO-PAINT CorelDRAW Essentials 4 - Windows Shell Extension CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDVD Copy D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition ElsterFormular Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych 
Fotogalerija Windows Live FreePDF (Remove only) Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live Gigaset QuickSync GIMP 2.6.12 GPL Ghostscript HTC BMP USB Driver HTC Driver Installer HTC Sync Java Auto Updater Java(TM) 6 Update 29 JoGoVEREIN Junk Mail filter update Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Medion Home Cinema Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Antimalware Microsoft Antimalware Service DE-DE Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Security Client Microsoft Security Client DE-DE Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 11.0 
(x86 de) MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Oracle VM VirtualBox 4.0.4 PlayReady PC Runtime x86 Poczta uslugi Windows Live Podstawowe programy Windows Live Pošta Windows Live Raccolta foto di Windows Live Realtek High Definition Audio Driver RedMon - Redirection Port Monitor S?????? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Speccy Spelling Dictionaries Support For Adobe Reader 9 St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? 
TeamViewer 6 TrueCrypt Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi Versandhelfer Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Fotogalerie Windows Live Fotograf Galerisi Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live 
Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== End Of File =========================== GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-04-16 11:13:47 Windows 6.1.7601 Service Pack 1 Running: 2pnnb8im.exe; Driver: C:\Users\KONFIG~1\AppData\Local\Temp\pxddapoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 8305B339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83094D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92214000, 0x349D76, 0xE8000020] ? C:\Users\KONFIG~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- EOF - GMER 1.0.15 ---- |
16.04.2012, 11:16 | #2 |
/// Malware-holic | Bundespolizei trojan / ch810.exe error message
hi, do you still have the link? And if so, can you send it to me as a private message? Thanks |
16.04.2012, 11:25 | #3 |
| Bundespolizei trojan / ch810.exe error message
Hello, unfortunately that is not possible. I had a preview open in a tumblr blog and wanted to open a post. I can't find it again either, because I can no longer reconstruct how I got there. Sorry. :-( |
16.04.2012, 11:26 | #4 |
/// Malware-holic | Bundespolizei trojan / ch810.exe error message
It could have worked. If you don't already have it, please download OTL by Oldtimer and save it to your Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
16.04.2012, 11:56 | #5 |
| Bundespolizei trojan / ch810.exe error message
I think that worked: OTL logfile: Code:
ATTFilter OTL logfile created on: 4/16/2012 12:34:32 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konfiguration\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.25 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 74.29% Memory free 6.50 Gb Paging File | 5.37 Gb Available in Paging File | 82.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900.41 Gb Total Space | 741.99 Gb Free Space | 82.41% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 12.52 Gb Free Space | 41.73% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DESKNEU | User Name: Konfiguration | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/16 12:31:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Konfiguration\Desktop\OTL.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft 
Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/09/29 03:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/09/29 03:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/06/17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 
3.0\fdHttpd.dll MOD - [2011/09/15 00:30:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll MOD - [2011/09/15 00:30:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll MOD - [2011/09/15 00:30:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll MOD - [2011/09/15 00:29:53 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2011/09/15 00:29:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2011/09/15 00:29:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2011/09/15 00:29:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2011/09/15 00:29:23 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2011/09/15 00:29:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/10/01 08:36:20 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 15:12:53 | 000,434,176 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/05/12 15:12:50 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/13 22:17:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/10/11 22:30:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/09/29 03:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/20 12:39:39 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2011/03/30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2011/02/17 18:06:10 | 000,160,560 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2011/02/17 18:06:10 | 000,122,032 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2011/02/17 18:06:10 | 000,111,152 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2011/02/17 18:06:10 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 12:24:41 | 000,052,224 
| ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/09/29 04:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/09/29 03:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/09/24 14:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/06/14 11:41:10 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010/05/15 00:04:14 | 000,062,592 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata) DRV - [2010/05/15 00:04:14 | 000,024,192 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata) DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010/03/10 04:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/10/26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/06/10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI IE - HKCU\..\SearchScopes,DefaultScope = {CC1A6DA6-697A-4DD0-8C69-080AC9D838E9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CC1A6DA6-697A-4DD0-8C69-080AC9D838E9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 08:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 16:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konfiguration\AppData\Roaming\mozilla\Extensions [2011/09/17 19:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konfiguration\AppData\Roaming\mozilla\Firefox\Profiles\89e6vabj.default\extensions [2012/01/01 01:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\USERS\KONFIGURATION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\89E6VABJ.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI [2012/03/18 08:40:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/01/01 
01:55:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/01/01 01:55:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/01/01 01:55:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/01/01 01:55:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/01/01 01:55:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/01/01 01:55:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5426975B-F785-4627-B2B1-8176017CD259}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/16 12:31:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Konfiguration\Desktop\OTL.exe [2012/04/09 09:08:31 | 000,000,000 | ---D | C] -- 
C:\Users\Konfiguration\AppData\Roaming\gtk-2.0 [2012/04/09 09:08:28 | 000,000,000 | ---D | C] -- C:\Users\Konfiguration\.thumbnails [2012/04/09 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Konfiguration\Documents\gegl-0.0 [2012/04/09 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Konfiguration\.gimp-2.6 [2012/04/09 09:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2012/04/09 09:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2012/03/18 09:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync ========== Files - Modified Within 30 Days ========== [2012/04/16 12:31:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Konfiguration\Desktop\OTL.exe [2012/04/16 12:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/16 11:24:45 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 11:24:45 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 11:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/16 11:17:05 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys [2012/04/16 11:02:57 | 000,302,592 | ---- | M] () -- C:\Users\Konfiguration\Desktop\2pnnb8im.exe [2012/04/16 10:51:53 | 000,000,000 | ---- | M] () -- C:\Users\Konfiguration\defogger_reenable [2012/04/16 10:49:36 | 000,050,477 | ---- | M] () -- C:\Users\Konfiguration\Desktop\Defogger.exe [2012/04/14 09:08:09 | 000,698,932 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/04/14 09:08:09 | 000,654,250 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/14 09:08:09 | 000,149,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/04/14 09:08:09 | 000,122,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/10 09:58:03 | 000,094,810 | ---- | M] () -- 
C:\Users\Konfiguration\Desktop\Homepage - offene Fragen 2-WK2+MWM.rtf [2012/04/09 09:21:11 | 000,003,370 | ---- | M] () -- C:\Users\Konfiguration\.recently-used.xbel [2012/04/09 09:06:13 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2012/04/06 00:19:11 | 000,001,037 | ---- | M] () -- C:\Users\Konfiguration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk [2012/04/03 17:03:19 | 000,090,145 | ---- | M] () -- C:\Users\Konfiguration\Desktop\2011-07-20_BuVo_Offener_Brief_JM_RPf.pdf [2012/03/31 19:36:29 | 000,016,503 | ---- | M] () -- C:\Users\Konfiguration\Desktop\549-Seite1.pdf [2012/03/31 19:10:58 | 000,045,059 | ---- | M] () -- C:\Users\Konfiguration\Desktop\554-Seite1.pdf [2012/03/31 18:55:47 | 000,543,685 | ---- | M] () -- C:\Users\Konfiguration\Desktop\555-Seite1b.pdf [2012/03/31 18:53:34 | 000,154,409 | ---- | M] () -- C:\Users\Konfiguration\Desktop\555-Seite1.pdf [2012/03/30 09:05:55 | 000,107,239 | ---- | M] () -- C:\Users\Konfiguration\Desktop\FDP verhindert Schlecker-Rettung - Unfähig, kalt, liberal -- sueddeutsche.de.pdf [2012/03/29 22:14:35 | 000,086,974 | ---- | M] () -- C:\Users\Konfiguration\Desktop\548.pdf [2012/03/29 21:46:47 | 000,286,069 | ---- | M] () -- C:\Users\Konfiguration\Desktop\555.pdf [2012/03/22 23:12:59 | 000,147,071 | ---- | M] () -- C:\Users\Konfiguration\Desktop\NRV - Data Retention Directive-NGOs Survey.pdf [2012/03/22 23:07:35 | 000,107,451 | ---- | M] () -- C:\Users\Konfiguration\Desktop\Data Retention Directive-NGOs Survey.pdf [2012/03/22 19:13:56 | 000,106,234 | ---- | M] () -- C:\Users\Konfiguration\Desktop\Entwurf - Data Retention Directive-NGOs Survey.pdf [2012/03/22 19:11:46 | 000,031,450 | ---- | M] () -- C:\Users\Konfiguration\Desktop\1.pdf [2012/03/18 16:12:22 | 000,013,467 | ---- | M] () -- C:\Users\Konfiguration\Desktop\Anschreiben18032012.pdf [2012/03/18 12:26:00 | 000,841,322 | ---- | M] () -- C:\Users\Konfiguration\Desktop\Gesbrennwertanlage mit BSFM und Tankentsorgung 
Angebot A12030018.pdf [2012/03/18 09:30:30 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk ========== Files Created - No Company Name ========== [2012/04/16 11:02:52 | 000,302,592 | ---- | C] () -- C:\Users\Konfiguration\Desktop\2pnnb8im.exe [2012/04/16 10:51:53 | 000,000,000 | ---- | C] () -- C:\Users\Konfiguration\defogger_reenable [2012/04/16 10:49:35 | 000,050,477 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Defogger.exe [2012/04/10 09:05:41 | 000,094,810 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Homepage - offene Fragen 2-WK2+MWM.rtf [2012/04/09 09:21:11 | 000,003,370 | ---- | C] () -- C:\Users\Konfiguration\.recently-used.xbel [2012/04/09 09:06:13 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2012/04/06 00:19:11 | 000,001,037 | ---- | C] () -- C:\Users\Konfiguration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk [2012/04/03 17:03:19 | 000,090,145 | ---- | C] () -- C:\Users\Konfiguration\Desktop\2011-07-20_BuVo_Offener_Brief_JM_RPf.pdf [2012/03/31 19:36:28 | 000,016,503 | ---- | C] () -- C:\Users\Konfiguration\Desktop\549-Seite1.pdf [2012/03/31 19:10:57 | 000,045,059 | ---- | C] () -- C:\Users\Konfiguration\Desktop\554-Seite1.pdf [2012/03/31 18:55:46 | 000,543,685 | ---- | C] () -- C:\Users\Konfiguration\Desktop\555-Seite1b.pdf [2012/03/31 18:53:33 | 000,154,409 | ---- | C] () -- C:\Users\Konfiguration\Desktop\555-Seite1.pdf [2012/03/30 09:05:55 | 000,107,239 | ---- | C] () -- C:\Users\Konfiguration\Desktop\FDP verhindert Schlecker-Rettung - Unfähig, kalt, liberal -- sueddeutsche.de.pdf [2012/03/30 07:30:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/29 22:14:35 | 000,086,974 | ---- | C] () -- C:\Users\Konfiguration\Desktop\548.pdf [2012/03/27 17:21:00 | 000,286,069 | ---- | C] () -- C:\Users\Konfiguration\Desktop\555.pdf [2012/03/22 23:12:55 | 000,147,071 | ---- | C] () -- C:\Users\Konfiguration\Desktop\NRV - Data Retention 
Directive-NGOs Survey.pdf [2012/03/22 23:07:34 | 000,107,451 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Data Retention Directive-NGOs Survey.pdf [2012/03/22 19:13:55 | 000,106,234 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Entwurf - Data Retention Directive-NGOs Survey.pdf [2012/03/22 19:11:45 | 000,031,450 | ---- | C] () -- C:\Users\Konfiguration\Desktop\1.pdf [2012/03/18 16:12:22 | 000,013,467 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Anschreiben18032012.pdf [2012/03/18 12:26:00 | 000,841,322 | ---- | C] () -- C:\Users\Konfiguration\Desktop\Gesbrennwertanlage mit BSFM und Tankentsorgung Angebot A12030018.pdf [2012/03/18 09:30:30 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2011/08/28 15:57:11 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/04/20 11:49:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011/04/20 11:49:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010/09/15 15:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/09/15 15:01:00 | 000,000,018 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2010/08/11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010/06/16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010/05/12 15:13:56 | 000,698,932 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/05/12 15:13:56 | 000,149,128 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== LOP Check ========== [2011/10/06 17:36:56 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\elsterformular [2012/04/09 09:21:11 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\gtk-2.0 [2012/03/18 
09:30:37 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\HTC [2011/09/02 11:11:38 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011/10/10 21:40:46 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\Outlook [2011/05/27 11:57:16 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\TeamViewer [2011/04/20 12:52:27 | 000,000,000 | ---D | M] -- C:\Users\Konfiguration\AppData\Roaming\TrueCrypt [2011/12/29 09:30:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/08/28 16:42:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010/09/15 15:09:21 | 000,000,000 | ---D | M] -- C:\ATI [2011/09/20 15:05:21 | 000,000,000 | -H-D | M] -- C:\CanoScan [2011/04/09 15:14:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/05/06 13:42:53 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012/04/09 09:05:54 | 000,000,000 | R--D | M] -- C:\Program Files [2011/10/06 17:36:13 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/04/09 15:14:39 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/04/16 12:36:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/04/13 23:24:13 | 000,000,000 | R--D | M] -- C:\Users [2012/01/12 11:08:12 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: USER32.DLL
> [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012/04/09 09:21:11 | 000,003,370 | ---- | M] () -- C:\Users\Konfiguration\.recently-used.xbel [2012/04/16 10:51:53 | 000,000,000 | ---- | M] () -- C:\Users\Konfiguration\defogger_reenable [2012/04/16 12:35:38 | 001,572,864 | -HS- | M] () -- C:\Users\Konfiguration\NTUSER.DAT [2012/04/16 12:35:38 | 000,262,144 | -HS- | M] () -- C:\Users\Konfiguration\ntuser.dat.LOG1 [2011/04/09 15:21:32 | 000,000,000 | -HS- | M] () -- C:\Users\Konfiguration\ntuser.dat.LOG2 [2011/04/09 16:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\Konfiguration\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011/04/09 16:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\Konfiguration\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011/04/09 16:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\Konfiguration\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011/04/09 
15:21:32 | 000,000,020 | -HS- | M] () -- C:\Users\Konfiguration\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 4/16/2012 12:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konfiguration\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.25 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 74.29% Memory free
6.50 Gb Paging File | 5.37 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 741.99 Gb Free Space | 82.41% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 12.52 Gb Free Space | 41.73% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DESKNEU | User Name: Konfiguration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized
Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Office14.SingleImage" = Microsoft Office Professional 2010 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Speccy" = Speccy "TeamViewer 6" = TeamViewer 6 "TrueCrypt" = TrueCrypt "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/10/2011 4:09:08 AM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/11/2011 1:55:04 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/11/2011 1:55:31 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. 
Error - 12/11/2011 1:56:20 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/12/2011 4:49:49 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/12/2011 4:50:21 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 12/12/2011 4:51:18 PM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 12/14/2011 2:43:13 AM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/14/2011 2:43:44 AM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 12/14/2011 2:44:28 AM | Computer Name = DeskNeu | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 3/26/2012 1:44:19 PM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 3/28/2012 6:48:34 PM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. 
Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 3/28/2012 7:02:08 PM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 3/29/2012 1:08:47 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 3/29/2012 8:29:24 AM | Computer Name = DeskNeu | Source = WMPNetworkSvc | ID = 866314 Description = Error - 3/30/2012 1:29:50 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 4/2/2012 4:03:19 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 4/13/2012 1:21:34 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 4/15/2012 3:46:09 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 4/16/2012 2:33:03 AM | Computer Name = DeskNeu | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report > |
16.04.2012, 12:12 | #6 | |
/// Malware-holic | ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote: |
16.04.2012, 13:01 | #7 |
| Thanks, I have done that. Interestingly, Firefox was no longer set as the default browser afterwards. That ComboFix deleted a startup link that was obviously connected to my problem is stated right at the top. The program did not show a clear end point. Although not asked to, I rebooted the system (some services were switched off, so I could no longer get directly to reactivating the virus protection). The system also started cleanly. Here are the details: ComboFix log file: Code:
ComboFix 12-04-16.01 - Konfiguration 16.04.2012 13:42:34.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.1972 [GMT 2:00]
ausgeführt von:: c:\users\Konfiguration\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Konfiguration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-16 bis 2012-04-16 ))))))))))))))))))))))))))))))
.
.
2012-04-16 09:14 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70654D8B-AC4E-455D-80AE-CBB1F3D89CCA}\mpengine.dll
2012-04-11 00:03 . 2012-04-11 00:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-09 07:08 . 2012-04-09 07:21 -------- d-----w- c:\users\Konfiguration\AppData\Roaming\gtk-2.0
2012-04-09 07:08 . 2012-04-09 07:08 -------- d-----w- c:\users\Konfiguration\.thumbnails
2012-04-09 07:06 . 2012-04-09 07:21 -------- d-----w- c:\users\Konfiguration\.gimp-2.6
2012-04-09 07:05 . 2012-04-09 07:05 -------- d-----w- c:\program files\GIMP-2.0
2012-03-30 05:30 . 2012-04-13 20:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 06:40 . 2012-03-18 06:40 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 06:40 . 2012-03-18 06:40 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 20:17 . 2011-05-16 04:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-04-22 07:50 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-09 16:27 . 2011-08-28 13:57 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 21:04 . 2012-02-10 21:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C577A32-A054-48E6-8863-C7CEE8B6C9BF}\gapaengine.dll
2012-01-31 12:44 . 2010-07-06 21:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:44 . 2012-03-14 20:08 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-14 20:08 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 06:40 . 2011-04-09 14:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 62592]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 24192]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 160560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 44784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 30464]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 122032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Konfiguration\AppData\Roaming\Mozilla\Firefox\Profiles\89e6vabj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-16 13:47:57
ComboFix-quarantined-files.txt 2012-04-16 11:47
.
Vor Suchlauf: 5 Verzeichnis(se), 796.711.587.840 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 797.268.111.360 Bytes frei
.
- - End Of File - - 76D6A23C1FC7240F1F60B58C0A9B9E77 |
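An added example, not part of the thread and not ComboFix's own code: a small triage parser for text in the layout of the ComboFix log above, which lists autostart entries and flags those that point into user-writable locations such as the per-user Startup folder where the deleted link sat. The function names are hypothetical, the `Updater` Run value in the sample is constructed, the banners are shortened, and only the German deletion banner shown in this log is matched.

```python
import re

# Constructed sample in the layout of the log above. The deleted .lnk path and
# the "Sidebar"/"MSC" values are taken from that log; "Updater" is a
# constructed entry added to exercise the Temp-directory rule.
SAMPLE_LOG = r"""
(((((((((((( Weitere Löschungen ))))))))))))
.
c:\users\Konfiguration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk
.
(((((((((((( Autostartpunkte der Registrierung ))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Updater"="c:\users\Konfiguration\AppData\Local\Temp\example.exe" [2012-04-10 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="ChromeHTML"
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # (((( section title ))))
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")         # [HKEY_...\Run]
VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')      # "name"="path" [date size]
PATH = re.compile(r"^[a-zA-Z]:\\\S.*$")          # bare path line

DELETION_SECTIONS = {"Weitere Löschungen"}       # banner text as in this log
AUTOSTART_SUFFIXES = ("\\run", "\\runonce")

# Ordered from most to least specific; the first match wins.
USER_WRITABLE = [
    ("\\start menu\\programs\\startup\\", "per-user Startup folder"),
    ("\\appdata\\local\\temp\\", "user Temp directory"),
    ("\\appdata\\", "user AppData tree"),
]


def parse_combofix(text):
    """Return deleted files and Run/RunOnce values as a list of dicts."""
    entries, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key and key.lower().endswith(AUTOSTART_SUFFIXES):
            entries.append({"source": key, "name": m.group(1), "path": m.group(2)})
            continue
        if section in DELETION_SECTIONS and PATH.match(line):
            entries.append({"source": "deleted by ComboFix",
                            "name": line.rsplit("\\", 1)[-1], "path": line})
    return entries


def classify(path):
    """Return why a path is worth a second look, or None."""
    lowered = path.lower()
    for needle, reason in USER_WRITABLE:
        if needle in lowered:
            return reason
    return None


def triage(text):
    """Return (name, source, reason) for every flagged autostart entry."""
    findings = []
    for entry in parse_combofix(text):
        reason = classify(entry["path"])
        if reason:
            findings.append((entry["name"], entry["source"], reason))
    return findings


if __name__ == "__main__":
    for name, source, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason} ({source})")
```
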
16.04.2012, 15:12 | #8 |
/// Malware-holic | Yes, CF resets some settings to default, but it shouldn't really be a problem to set FF as the default browser again :-) Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.04.2012, 18:11 | #9 |
| Done. However, in between, MS Security Essentials raised an alert once: it detected a Java exploit, which it then also removed automatically (I didn't do anything, word of honour! :-) ). Here is the Malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.04.16.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Konfiguration :: DESKNEU [Administrator]
16.04.2012 16:51:43
mbam-log-2012-04-16 (16-51-43).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 334756
Laufzeit: 1 Stunde(n), 56 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Konfiguration\Downloads\SoftonicDownloader_fuer_7-zip.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
16.04.2012, 18:51 | #10 |
/// Malware-holic | In future, avoid Softonic. Post the MS Essentials message for me. |
16.04.2012, 19:11 | #11 |
| I had left the warning window open, in which a red heading showed that a Java exploit had been found - and then suddenly the heading was green and it now says "The detected items were automatically removed by Security Essentials." The text only says "To protect the computer, these threats were automatically removed by Security Essentials." The list below it - the content area, so to speak - is empty, however. The "Show details" button also leads to an empty list. I haven't tried anything else - whether a log was written here that can be read out, I once again don't know. I don't knowingly use Softonic - I didn't find it as an installed program, and accordingly couldn't uninstall it either. Sorry, no great step forward from me this time... Thanks already for your help so far. |
16.04.2012, 19:31 | #12 |
/// Malware-holic | Go to: C:\Dokumente und Einstellungen\Username\Anwendungsdaten\Sun\Java\Deployment\ There, right-click the folder cache and pack it with WinRAR, zip or another archiving program. File-Upload.net - Ihr kostenloser File Hoster! Upload the archive there and send me the link as a private message. |
16.04.2012, 20:02 | #13 |
| Unfortunately I can't find that - I have never understood these virtual storage locations, which have apparently existed since Vista. With my first computer, a 386 with 1 MB RAM ("load umb..."), I still understood the file storage system, but here - --- my Windows hides the file storage from me quite successfully. I'm sorry, I need support even for this... |
16.04.2012, 20:05 | #14 |
/// Malware-holic | Windows 7: Making hidden files and folders visible | Computerspezi If you still can't find it, tell me where it fails. |
16.04.2012, 20:59 | #15 |
| Thanks. But I can't quite find my way through: you gave me the path C:\Dokumente und Einstellungen\Username\Anwendungsdaten\Sun\Java\Deployment\. On C:\ I don't even have the topmost of the folders you specified. Here, even after making the hidden files visible, I see the following folders: ATI, Benutzer, CanoScan, MSOCache, ProgramData, Programme, Qoobox, Recovery, Windows. What "Username" refers to exists under the folder "Benutzer", but in the subfolders there I find neither an exact nor an approximate match for what I am looking for. With a keyword search for "Deployment" I finally found a structure that could be it: C:\Benutzer\Konfiguration\AppData\LocalLow\Sun\Java\Deployment There I find a folder "Cache", which I have now uploaded. The link should now be with you via PM. Edited by Win7Neuling (16.04.2012 at 21:13) |