|
Plagegeister aller Art und deren Bekämpfung: keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.05.2012, 20:06 | #1 |
| keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt. Hallo und guten Abend, mich bzw. meinen PC hat es auch erwischt. Das Hintergrundbild ist schwarz, meine Dateien sind nicht mehr sichtbar und ich weiß ab jetzt nicht mehr weiter. Mir wird ein SmartHDD-Programm für 85 Dollar angeboten um den "System-Fehler" zu reparieren. Gleichzeitig kommen Fehlermeldungen auf den Bildschirm. Da ich durch Tante Google hier gelandet bin, freue ich mich auf eure Hilfe. Zum ersten habe ich die beiden Dateien von OTL hier angehängt. Bei Fragen bin ich hier erreichbar. OTL.txt Code:
ATTFilter OTL logfile created on: 31.05.2012 20:43:46 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = E:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,38% Memory free 7,73 Gb Paging File | 6,04 Gb Available in Paging File | 78,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39,06 Gb Total Space | 5,21 Gb Free Space | 13,33% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 18,79 Gb Free Space | 82,94% Space Free | Partition Type: NTFS Drive E: | 303,94 Gb Total Space | 96,90 Gb Free Space | 31,88% Space Free | Partition Type: NTFS Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LAPTOP_BD | User Name: **** | Logged in as ****. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) PRC - d:\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) PRC - d:\Allway Sync\Bin\SyncService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Sina\AppData\LocalLow\PaybackToolbar32\bin\PaybackWorker_1_0_2\PaybackWorker.exe (PAYBACK GmbH) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\PLFSetI.exe () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation) SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- d:\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TeamViewer6) -- d:\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (BotkindSyncService) -- d:\Allway Sync\Bin\SyncService.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (OpenVPNService) -- d:\OpenVPN\bin\openvpnserv.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (jsvvuhqq) -- C:\Windows\SysNative\drivers\jsvvuhqq.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation) DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=4847da3f00000000000000ff80e1bfcf IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD BA 47 F8 37 D9 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=4847da3f00000000000000ff80e1bfcf IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE467 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: d:\VideoLAN\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.09 18:35:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: d:\Thunderbird\components [2012.01.15 19:52:08 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.09 18:35:28 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.01.22 21:01:44 | 000,001,901 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.nero.com O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html O1 - Hosts: 127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html O1 - Hosts: 127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80 O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80 O1 - Hosts: 127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80 O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html O1 - Hosts: 127.0.0.1 my.nero.com O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp O1 - Hosts: 127.0.0.1 activation@nero.com O1 - Hosts: 127.0.0.1 registernero.com O1 - Hosts: 127.0.0.1 www.registernero.com O1 - Hosts: 127.0.0.1 nero.com O1 - Hosts: 127.0.0.1 www.nero.com/eng/privacy.html. O1 - Hosts: 127.0.0.1 legal@nero.com O1 - Hosts: 127.0.0.1 support.nero.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_SBC1E.tmp" /EF "HKCU" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE3FD364-B246-4770-BCC2-BDD3444438DA}: NameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.21 10:06:07 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.31 20:41:20 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jsvvuhqq.sys [2012.05.30 18:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2012.05.30 18:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ! [2012.05.30 18:22:03 | 000,970,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70u.dll [2012.05.30 18:22:03 | 000,070,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL [2012.05.30 18:22:03 | 000,060,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll [2012.05.30 18:22:02 | 000,980,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll [2012.05.30 18:22:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\ISDNWatch [2012.05.30 18:22:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.05.26 22:04:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.26 20:14:34 | 000,061,952 | ---- | C] (OLYMPUS Software Europe GmbH) -- C:\Windows\SysWow64\twiz32.ocx [2012.05.26 20:14:33 | 000,667,136 | ---- | C] (OLYMPUS Software Europe GmbH) -- C:\Windows\SysWow64\oik32.ocx [2012.05.26 20:14:33 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.05.26 20:14:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGDE.DLL [2012.05.14 19:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects [2012.05.13 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusweisApp [2012.05.12 22:26:26 | 000,000,000 | -H-D | C] -- C:\StarMoney [2012.05.12 19:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.05.12 19:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.05.12 07:57:28 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.12 07:57:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.12 07:57:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.12 07:57:25 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.05.31 20:41:20 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jsvvuhqq.sys [2012.05.31 20:39:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.31 20:34:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.31 20:34:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.31 20:25:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.31 20:24:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.31 20:24:53 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.05.31 19:11:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.31 11:52:12 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-kKmJRQgCsMfFAfr [2012.05.31 11:52:12 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-kKmJRQgCsMfFAf [2012.05.31 11:51:55 | 000,000,256 | -H-- | M] () -- C:\ProgramData\kKmJRQgCsMfFAf [2012.05.31 11:09:34 | 000,263,680 | -H-- | M] ( ) -- C:\ProgramData\kKmJRQgCsMfFAf.exe [2012.05.31 10:56:02 | 000,359,936 | -H-- | M] ( ) -- C:\ProgramData\MPhdrLOCYlCaln.exe [2012.05.31 07:05:43 | 000,422,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.30 18:26:56 | 000,007,918 | -H-- | M] () -- C:\Users\****\Documents\cc_20120530_182650.reg [2012.05.30 18:26:09 | 000,000,559 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.30 18:22:23 | 000,000,558 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk [2012.05.27 17:27:34 | 000,003,282 | -H-- | M] () -- C:\Users\****\Documents\cc_20120527_172721.reg [2012.05.26 20:48:59 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Die große CD-Druckerei.lnk [2012.05.20 08:14:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.20 08:14:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.20 08:14:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.20 08:14:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.20 08:14:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.13 16:54:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.05.08 17:27:49 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 17:27:49 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.05 11:49:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.05 11:49:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.05 11:49:08 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files Created - No Company Name ========== [2012.05.31 11:10:05 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-kKmJRQgCsMfFAfr [2012.05.31 11:10:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-kKmJRQgCsMfFAf [2012.05.31 11:09:52 | 000,000,256 | -H-- | C] () -- C:\ProgramData\kKmJRQgCsMfFAf [2012.05.31 11:09:34 | 000,263,680 | -H-- | C] ( ) -- C:\ProgramData\kKmJRQgCsMfFAf.exe [2012.05.31 10:58:28 | 000,359,936 | -H-- | C] ( ) -- C:\ProgramData\MPhdrLOCYlCaln.exe [2012.05.31 07:05:30 | 000,422,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.30 18:26:55 | 000,007,918 | -H-- | C] () -- C:\Users\****\Documents\cc_20120530_182650.reg [2012.05.30 18:22:23 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk [2012.05.27 17:27:32 | 000,003,282 | -H-- | C] () -- C:\Users\****\Documents\cc_20120527_172721.reg [2012.05.26 20:14:45 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Die große CD-Druckerei.lnk [2012.05.26 20:14:34 | 000,003,027 | ---- | C] () -- C:\Windows\dbcddfmt.ini [2012.05.13 16:54:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.01.29 12:26:38 | 000,000,461 | ---- | C] () -- C:\Windows\wiso.ini [2012.01.22 14:13:14 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2012.01.15 21:37:53 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.01.15 21:37:53 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini [2012.01.15 21:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2012.01.15 20:39:14 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.01.15 20:39:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.01.15 20:39:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.01.15 20:39:14 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.01.15 20:39:14 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.01.15 20:39:14 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.01.15 20:39:14 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.01.15 20:39:14 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.01.15 20:39:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.01.15 20:39:14 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.01.15 20:39:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.01.15 20:39:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.01.15 20:39:14 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.01.15 20:39:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.01.15 20:39:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.01.15 20:39:14 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.01.15 20:39:14 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.01.15 20:39:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.01.15 20:39:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.01.15 18:25:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.05.2012 20:43:46 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = E:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,38% Memory free 7,73 Gb Paging File | 6,04 Gb Available in Paging File | 78,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39,06 Gb Total Space | 5,21 Gb Free Space | 13,33% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 18,79 Gb Free Space | 82,94% Space Free | Partition Type: NTFS Drive E: | 303,94 Gb Total Space | 96,90 Gb Free Space | 31,88% Space Free | Partition Type: NTFS Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LAPTOP_BD | User Name: **** | Logged in as ****. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05D382E7-5022-4527-9FF1-EA8C310FAD5D}" = lport=137 | protocol=17 | dir=in | app=system | "{0BC1436B-DD0B-420F-8157-F4DB93F156D0}" = rport=137 | protocol=17 | dir=out | app=system | "{136D87E3-956D-4597-8A7A-E8E4B7B1E26D}" = rport=139 | protocol=6 | dir=out | app=system | "{1531BC32-E15D-4557-8A0B-CB115CE2CE4C}" = lport=445 | protocol=6 | dir=in | app=system | "{199744B6-6989-427A-8543-1F197CFDD46F}" = rport=138 | protocol=17 | dir=out | app=system | "{43E5FA56-E8F8-4771-94A3-76E1C25828F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{449B7F43-AC8B-49E8-B5E2-77258BBBB7B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4751D1A8-19AC-43E9-8BCD-43AE55718DEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4A1BDDF7-E156-47E5-A700-4F9604927166}" = rport=10243 | protocol=6 | dir=out | app=system | "{5278F99B-EEA8-4E90-A350-B613B99852E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D28FD95-C875-4B39-8D04-3546B8D63145}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6E1C8CA1-00CD-46FE-A8B0-41CCA80AA4F4}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D8C6C3D-CE23-4F20-A672-0B1A78487B55}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87885B5F-0808-41C8-9890-69012DB450C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89096961-397D-4CFF-AA92-754E6BF2600B}" = lport=139 | protocol=6 | dir=in | app=system | "{96048B8A-770A-462A-BD2B-29E44E33EF58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ABE11154-024D-47DD-B963-CF454A7B98BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C081E368-CAFC-41A8-BA59-CC730121F6E9}" = lport=138 | protocol=17 | dir=in | app=system | "{C5AEBB39-F198-4078-8CB4-5992FD01BE87}" = lport=10243 | protocol=6 | dir=in | app=system | "{E49EB5FB-F241-4B89-BDA0-821CBA2BD936}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8B74B54-2702-4342-AA5A-97C118A139A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE65A3C6-9B99-4A7B-904F-3973FB24C0DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F8D38E12-3997-4744-8B9D-6A4AB3FBF99A}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0069905F-8DD0-4B91-9225-B89451D8E598}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{014CD6DC-5735-4B3C-8E45-5305EB3FFE72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{018CCE8E-EC4A-447C-BEB6-D3F79F9D3D23}" = protocol=6 | dir=in | app=d:\teamviewer\teamviewer.exe | "{02986E41-19A2-4D98-8998-4F089C4AD925}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{07262A2A-BE72-476B-A05A-540984CD3BD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C090AE4-6A1C-4209-B457-99086BA885CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0EA295AD-71E7-4C19-8D17-AF1E08558A57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2706D293-082C-48B7-812B-DA3B5DD49E9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{35E1D944-5EA9-4156-A7F5-70266F3B1900}" = protocol=17 | dir=in | app=d:\fritz!fax\igd_finder.exe | "{3B1599C5-68B2-4618-9172-23B9793718BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3C26FEEA-FE1F-4154-AA7A-CF55F091AFD4}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{47606B9B-266F-4F0C-AE71-99F3C6635054}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{47BAB15A-D235-4CE4-8700-B80C0CE43A13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4933ABD0-1C02-460B-9A35-AFA1773D25E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{568B3BDB-DE72-41BC-881E-CCBC71382B7D}" = protocol=6 | dir=out | app=system | "{7264D6FF-1F4E-473E-8CE2-4E10AC79B1D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7D7E548E-5359-40A8-BC2F-5B7B5E15DB44}" = protocol=17 | dir=in | app=d:\teamviewer\teamviewer_service.exe | "{8D71EEC8-413A-4D44-962A-4ED7F3FB6A67}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{97815022-6459-4174-8DD6-E645F119B3F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B3864FF-40F4-4452-8FDA-05D289D25601}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A21E37F3-CA90-4EE0-A802-26C723BA91D6}" = protocol=6 | dir=in | app=d:\teamviewer\teamviewer_service.exe | "{A5D69708-CE25-4123-B70C-57E7EF35A3B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ACB85934-8078-47E8-B582-ACE7AA683F73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B038A317-9E86-404A-BBC6-41E7C5A609A6}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{B1978059-94A4-4E36-8541-8539589E613E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BFE1DB2D-9EF5-47FE-86E8-13315BFCF424}" = protocol=17 | dir=in | app=d:\teamviewer\teamviewer.exe | "{CB1A70EC-6C1B-4BC5-990A-BDB2D4A27DFD}" = protocol=6 | dir=in | app=d:\fritz!fax\igd_finder.exe | "{CD4CC34F-A1F5-477E-9190-89E03F96C068}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{13D23F52-1D00-4AE3-95DB-07C621CBF794}D:\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\java\bin\javaw.exe | "TCP Query User{34E9F8D9-8771-419C-B5C1-A4F68BD46E0C}D:\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{3BCF780E-F021-41AD-A95F-42D25BE325A0}D:\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=d:\openvpn\bin\openvpn.exe | "TCP Query User{43984547-363E-4491-9377-9B5AC2D6F7C4}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | "TCP Query User{558EF0B5-F169-484B-9B56-C239FC29A154}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{764DCA29-30E3-420D-B0EE-5343F2607F9F}D:\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\java\bin\javaw.exe | "TCP Query User{8DC95858-B5CF-42FB-A710-D0827B917A79}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{94383362-6EA4-401D-89F3-DC788DE258E7}D:\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=d:\fritz!fax\frifax32.exe | "TCP Query User{9F4ECDD4-417C-46EB-9EE7-021969197D21}\\fritz.box\fritz.nas\wd-exthdd1021-05\markus\fritz!box\pikachus_tools\avm_capi_test.exe" = protocol=6 | dir=in | app=\\fritz.box\fritz.nas\wd-exthdd1021-05\markus\fritz!box\pikachus_tools\avm_capi_test.exe | "TCP Query User{A0F70CE9-9EB2-4A8F-B8D3-A6DC570FE959}E:\spiele\siedler_5\bin\settlershok.exe" = protocol=6 | dir=in | app=e:\spiele\siedler_5\bin\settlershok.exe | "TCP Query User{B5B95F7A-C0FD-4E19-B563-5F28030F3386}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | "TCP Query User{D021CD0F-B089-4C0C-AD74-3A23EEC452B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{09CFA0B6-E0EE-48FC-8531-89FD7437BE0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{18CD633F-C708-4155-B2A9-341E22B295DE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{2C09F183-8104-40F5-801E-6C918A92A524}D:\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\java\bin\javaw.exe | "UDP Query User{3458AE9D-42A2-4C6A-85DF-A71A266D26EF}E:\spiele\siedler_5\bin\settlershok.exe" = protocol=17 | dir=in | app=e:\spiele\siedler_5\bin\settlershok.exe | "UDP Query User{5C13FB09-0877-4FBE-B9AB-BB41B5DF0D11}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7400E46B-8345-4A22-AC6B-3D8E22A5E099}D:\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\java\bin\javaw.exe | "UDP Query User{76C4C10D-9D56-4E58-9B63-71BAB140C7E8}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | "UDP Query User{7E3818E0-AA41-4A4D-A0D2-F45C4C71D22A}D:\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=d:\openvpn\bin\openvpn.exe | "UDP Query User{A1F10CA8-C978-4D5A-B231-DB98FFE7C744}C:\program files (x86)\fritz!vox\fritz!vox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!vox\fritz!vox.exe | "UDP Query User{A80454A8-5D4E-4E1A-9A97-AD6A0E199045}\\fritz.box\fritz.nas\wd-exthdd1021-05\markus\fritz!box\pikachus_tools\avm_capi_test.exe" = protocol=17 | dir=in | app=\\fritz.box\fritz.nas\wd-exthdd1021-05\markus\fritz!box\pikachus_tools\avm_capi_test.exe | "UDP Query User{AF4D7D07-B0E0-4FE5-ACD0-8BD091CDA82F}D:\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{B4106DA1-5D50-4CB9-925E-1D92238A2871}D:\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=d:\fritz!fax\frifax32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D264B63-C7BD-42A0-98DC-9181620BB758}_is1" = PVRCopyNet 2.8 "{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista "{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4F8697F4-3D30-4BD0-8F26-455C01F4EE8B}" = Integrity Tool "{525BE4C7-924C-421D-AB71-466DF74FE735}" = AusweisApp "{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese "{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian "{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7121136B-462F-46F7-8FC0-6A35E8DC2D5B}" = DDBAC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese "{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish "{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish "{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French "{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard "{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4 "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish "{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All "{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3735A21-9461-41FE-BA58-5378B95C2014}" = DDBAC "{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian "{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light "{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish "{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek "{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336 "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE56DCD1-13FD-435B-BC4C-EE8CD83FF17A}" = AusweisApp "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "5513-1208-7298-9440" = JDownloader 0.9 "Allway Sync_is1" = Allway Sync version 12.0.12 "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBoxAnswerMachine" = AVM FRITZ!vox "BabylonToolbar" = Babylon toolbar on IE "DAEMON Tools Lite" = DAEMON Tools Lite "DATA BECKER - Die große CD-Druckerei" = DATA BECKER - Die große CD-Druckerei "Denken und Rechnen 2" = Denken und Rechnen 2 "DVDFab 8 Qt_is1" = DVDFab 8.1.6.8 (17/03/2012) Qt "EPSON Scanner" = EPSON Scan "foobar2000" = foobar2000 v1.1.11 "FreePDF_XP" = FreePDF (Remove only) "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14 "MKVToolNix" = MKVToolNix 5.4.0 "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "Mp3tag" = Mp3tag v2.49a "MPE" = MyPhoneExplorer "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Nokia Suite" = Nokia Suite "Nvu_is1" = Nvu 1.0 "OpenVPN" = OpenVPN 2.2.1 "PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.1 "Picasa 3" = Picasa 3 "PRO" = Microsoft Office Professional 2007 "Smart Defrag 2_is1" = Smart Defrag 2 "TeamViewer 7" = TeamViewer 7 "Totalcmd" = Total Commander (Remove or Repair) "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 2.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > AirP. |
01.06.2012, 15:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt. Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
01.06.2012, 18:18 | #3 |
| keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt. Hallo cosinus,
__________________danke ersteinmal für Deine Hilfe. Hier ist der Bericht von Malwarebyte (keine Funde): Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.01.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Administrator :: LAPTOP_BD [Administrator] Schutz: Aktiviert 01.06.2012 16:25:56 mbam-log-2012-06-01 (16-25-56).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 459494 Laufzeit: 1 Stunde(n), 18 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5237af340dc6a44fa62da0a792a94d73 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-01 05:17:03 # local_time=2012-06-01 07:17:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 11926419 11926419 0 0 # compatibility_mode=5893 16776573 100 94 21190 90195694 0 0 # compatibility_mode=8192 67108863 100 0 103 103 0 0 # scanned=181317 # found=12 # cleaned=0 # scan_time=5180 C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y659VRMZ\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YREIKLR7\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\701267JO\firstload_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQ7GRFGL\firstload_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\Sina\PDFCreator\message.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I E:\gtk2121-setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I Code:
ATTFilter Typ: Datei Quelle: C:\Users\Sina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4688586e-319dc08a Status: Infiziert Quarantäne-Objekt: 569c4dc0.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.174 Meldung: TR/Dldr.Karagany.I.10 Datum/Uhrzeit: 01.06.2012, 17:39 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Skype\SkypePM.exe Status: Infiziert Quarantäne-Objekt: 56e348f7.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.174 Meldung: TR/Winlock.EU Datum/Uhrzeit: 01.06.2012, 17:37 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Temp\lFlPHeL5D0ztJG.exe.tmp Status: Infiziert Quarantäne-Objekt: 56357b13.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:35 Typ: Datei Quelle: C:\ProgramData\MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 56766359.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:08 Typ: Datei Quelle: C:\ProgramData\kKmJRQgCsMfFAf.exe Status: Infiziert Quarantäne-Objekt: 4ebc4044.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:04 Typ: Datei Quelle: C:\ProgramData\MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 4db674d7.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:04 Typ: Datei Quelle: C:\ProgramData\MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 56306ffd.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:04 Typ: Datei Quelle: C:\ProgramData\MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 5521630d.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 22:04 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{1C3C5CF7-A3D7-C7C9-275C-49F9F6CF3D17}-MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 3fa77304.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{7874A380-B127-64A1-C7F8-76C697E5A901}-kKmJRQgCsMfFAf.exe Status: Infiziert Quarantäne-Objekt: 65d65e34.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{08E47CDD-6EC8-D3E3-4027-6F2E2C4B9DDA}-kKmJRQgCsMfFAf.exe Status: Infiziert Quarantäne-Objekt: 5f494162.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{81729B7F-AF75-BD91-7A03-CF37078C1DA9}-MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 03e611f7.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A0706795-F9DF-B50D-E532-3B12C7686AA2}-MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 51b64b60.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{C744554A-6D93-E10D-3821-D90094CB07C1}-kKmJRQgCsMfFAf.exe Status: Infiziert Quarantäne-Objekt: 492864c5.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 21:50 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{77FF51E3-B63A-555B-418B-7F20AE2DC5F2}-kKmJRQgCsMfFAf.exe Status: Infiziert Quarantäne-Objekt: 52693b74.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 20:42 Typ: Datei Quelle: C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DCED8C5D-8747-7A39-0A9B-BA85615F3753}-MPhdrLOCYlCaln.exe Status: Infiziert Quarantäne-Objekt: 550a14de.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.78 Virendefinitionsdatei: 7.11.31.162 Meldung: TR/Crypt.XPACK.Gen5 Datum/Uhrzeit: 31.05.2012, 20:42 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Temp\YUDZHZyqnozUMv.exe Status: Infiziert Quarantäne-Objekt: 560b9d6f.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.74 Virendefinitionsdatei: 7.11.31.130 Meldung: TR/Crypt.XPACK.Gen Datum/Uhrzeit: 31.05.2012, 11:00 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Temp\~!#F344.tmp Status: Infiziert Quarantäne-Objekt: 529acd69.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.68 Virendefinitionsdatei: 7.11.31.32 Meldung: TR/Barys.2787.1 Datum/Uhrzeit: 27.05.2012, 17:30 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Temp\~!#F131.tmp Status: Infiziert Quarantäne-Objekt: 4a0de2ce.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.68 Virendefinitionsdatei: 7.11.31.32 Meldung: TR/Winlock.EU Datum/Uhrzeit: 27.05.2012, 17:30 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Temp\tempfiles.exe Status: Infiziert Quarantäne-Objekt: 5630e14e.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.68 Virendefinitionsdatei: 7.11.31.32 Meldung: TR/Dldr.Karagany.I.10 Datum/Uhrzeit: 27.05.2012, 17:30 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J8FB8Z1U\setup[1].exe Status: Infiziert Quarantäne-Objekt: 4d6cbde4.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.68 Virendefinitionsdatei: 7.11.30.66 Meldung: ADWARE/Adware.Gen Datum/Uhrzeit: 17.05.2012, 16:08 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J8FB8Z1U\setup[1].exe Status: Infiziert Quarantäne-Objekt: 55fbaa3f.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.68 Virendefinitionsdatei: 7.11.30.66 Meldung: ADWARE/Adware.Gen Datum/Uhrzeit: 17.05.2012, 16:08 Typ: Datei Quelle: C:\Users\Sina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\6b9363b7-51528c52 Status: Infiziert Quarantäne-Objekt: 4affa87e.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.64 Virendefinitionsdatei: 7.11.29.212 Meldung: EXP/10-0840.P.1 Datum/Uhrzeit: 14.05.2012, 15:27 Typ: Datei Quelle: C:\Users\Sina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\59085a61-656108cb Status: Infiziert Quarantäne-Objekt: 526387f0.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.64 Virendefinitionsdatei: 7.11.29.212 Meldung: EXP/2010-0840.CR Datum/Uhrzeit: 14.05.2012, 15:27 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7YQEZX5M\pferdegeburtstag[1].htm Status: Infiziert Quarantäne-Objekt: 56166dc9.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.64 Virendefinitionsdatei: 7.11.29.212 Meldung: JS/iFrame.rex Datum/Uhrzeit: 14.05.2012, 10:45 Typ: Datei Quelle: C:\Users\Sina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U83IIH8C\pferdegeburtstag-mitgebsel[1].htm Status: Infiziert Quarantäne-Objekt: 2b3961a6.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.64 Virendefinitionsdatei: 7.11.29.212 Meldung: JS/iFrame.rex Datum/Uhrzeit: 14.05.2012, 10:36 Typ: Datei Quelle: E:\Transfer\Lexware_Quicken_Home_and_Business_2012_v19.0_GERMAN-CYGiSO\Lexware_Quicken_Home_and_Business_2012_v19.0_GERMAN-CYGiSO\lexware_quicken_home_and_business_2012_v19.0_german-patch.exe Status: Infiziert Quarantäne-Objekt: 554861a2.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.10.58 Virendefinitionsdatei: 7.11.29.31 Meldung: TR/Offend.7014939.CV Datum/Uhrzeit: 03.05.2012, 20:02 AirP. |
02.06.2012, 17:14 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt.Zitat:
Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu keine Dateien; schwarzer Hintergrund - mich hat es auch erwischt. |
antivir, avira, babylon toolbar, babylontoolbar, becker, bho, desktop, error, excel, firefox, flash player, format, frage, google, helper, home, iexplore.exe, install.exe, installation, jdownloader, langs, lexware, logfile, microsoft office word, mp3, myphoneexplorer, object, office 2007, olympus, plug-in, realtek, remote control, rundll, scan, searchscopes, security, software, svchost.exe, total commander, windows |