Log analysis and evaluation: GVU Trojan - variant of 16.05.2012

05.07.2012, 21:01   #1
W.V
 
Hello Trojaner-Board experts,

an acquaintance of mine has caught the GVU Trojan with the 100 euro payment demand, which according to my own research is said to have been in circulation since 16.05.2012, according to the official GVU website.

The operating system is Windows 7 Home Premium 64-bit, before I forget to mention it.

I installed some software for her, and on that occasion I noticed her outdated virus scanner. So I installed the current Avira Free Antivirus for her. Before I left late in the evening, I started a full scan with the new antivirus program for her. I did explain to her that the detections count should read 0, but apparently she no longer took that in. It happened as it had to: the next day I got a call saying that a payment demand for 100 euros was showing on the screen and nothing on the PC worked any more.

She had firmly insisted that the virus scanner had found nothing during the scan!?

The report function, however, now shows me 8 detections, which I have deleted from quarantine. A LOG is unfortunately not available (possibly deleted by the virus?!).

Here, though, are the 7 pieces of malware reported by Avira Free Antivirus that I can still take from the report:

EXP/JAVA.Ternub.Gen
EXP/2012-0507.DY
TR/Drop.Injector.fhdt
JAVA/Dldr.Lamar.BD
EXP/2012-0507.AW
EXP/2012-0507.CW
TR/Gataka.D.57 (this one appeared in two files)

Many were in the Temp folder or the Roaming folder as well as in the Java folder. If it is relevant, I can post all detections in the Avira report format as I have it!?

As an immediate measure we "killed" the PC and started it from a live CD with Internet access.

In this system environment I ran a full scan with Malwarebytes - no more "pests" were found.

In the same system environment I then had the current ESET Free Online Scanner search for viruses; it did not find anything either, even though I had enabled "Scan archives" and, under "advanced Settings", the menu item "Scan for potentially unsafe applications".

At the moment I have started the operating system in "normal mode" again. Here I immediately uninstalled Java and ALL Adobe applications temporarily, to be on the safe side.

With Microsoft Fix it 50195 I completely reset IE:
For those interested, it can be downloaded here:

hxxp://support.microsoft.com/kb/923737

I have had Avira Free Antivirus as well as Malwarebytes and the ESET Free Online Scanner (with the settings given above) scan several times one after another, and ALL "virus scanners" have found nothing more so far!?

The question is - am I virus-free already?
I know, rootkits etc. - but I do not want to reinstall the system!

I would like to proceed as described in this post http://www.trojaner-board.de/69886-a...-beachten.html - I think I cannot do any damage with that (!?):

Unless someone has a better idea so that I can be sure the PC is virus-free!?
My acquaintance needs the PC very urgently - maybe someone will help me and tell me how I should proceed!?

Here is the "detailed" OTL.Txt file:

Code:
OTL logfile created on: 05.07.2012 22:07:02 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,24% Memory free
7,83 Gb Paging File | 6,19 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 866,75 Gb Free Space | 95,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.05 19:04:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.21 23:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011.03.21 23:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010.10.05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.30 10:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.05 01:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.05 02:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.05 01:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2007.12.31 19:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010.10.05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.23 02:38:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.23 02:38:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.23 02:23:30 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.09.23 02:23:30 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.21 23:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.08 15:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2010.03.23 03:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={114B4C55-1B71-4CCF-ACB7-5796C1095B97}&mid=456c55ad0a6b47d19fbd957ea080bf29-30d78395f92ec893880db6499e9bb7768678beb6&lang=de&ds=AVG&pr=fr&d=2011-11-21 16:54:19&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\windows\TEMP\E_SD2B9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\***\AppData\Roaming\TeamViewer\{984088A5-86E6-4BE6-8D33-845955219A02}\UpgradeChecker.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D303D80-0ADA-4BD8-881E-E809007212F9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 08:03:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.07.04 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.04 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 19:44:58 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.04 09:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.03 01:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.07.02 21:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.07.02 21:35:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012.07.02 21:35:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012.07.02 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.07.02 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.02 21:31:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.07.02 21:31:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.07.02 21:31:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher
[2012.07.02 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
[2012.07.02 21:24:19 | 000,000,000 | ---D | C] -- C:\IDE
[2012.07.02 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.07.02 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.02 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.07.02 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.02 21:07:50 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012.07.02 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.02 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012.07.02 21:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.07.02 21:05:42 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\Wartung
[2012.07.02 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.07.02 21:02:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.02 21:00:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.25 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.06.21 22:28:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012.06.21 22:28:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012.06.21 22:28:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012.06.21 22:27:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012.06.21 22:27:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012.06.21 22:27:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012.06.21 22:27:24 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012.06.21 22:27:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012.06.14 23:51:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.06.14 23:51:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.06.14 23:51:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.06.14 23:51:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.06.14 23:51:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.06.14 23:51:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.06.14 23:51:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.06.14 23:51:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.06.14 23:51:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.06.14 23:51:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.06.14 23:51:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.06.14 23:51:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.06.14 23:51:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.06.14 21:48:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012.06.14 21:48:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012.06.14 21:48:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012.06.14 21:48:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.06.14 21:48:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.06.14 21:48:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.06.14 21:48:33 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012.06.14 21:48:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.06.14 21:48:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2011.09.23 02:22:53 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 21:19:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 21:19:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 20:43:46 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.05 20:43:46 | 000,654,150 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.05 20:43:46 | 000,616,032 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.05 20:43:46 | 000,130,022 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.05 20:43:46 | 000,106,412 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.05 19:35:22 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 19:35:22 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 19:02:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.05 18:53:08 | 000,147,029 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.05 18:52:43 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.07.05 18:52:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.05 18:52:33 | 3152,359,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 10:54:44 | 002,116,179 | ---- | M] () -- C:\tdsskiller.zip
[2012.07.04 19:55:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 21:18:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.03 01:15:53 | 000,001,143 | ---- | M] () -- C:\Users\***\Desktop\eBay Startseite.website
[2012.07.02 22:15:05 | 001,486,848 | ---- | M] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:26:21 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:17 | 000,100,352 | ---- | M] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:17:17 | 000,000,929 | ---- | M] () -- C:\windows\SysNative\dfboottime.cfg
 
========== Files Created - No Company Name ==========
 
[2012.07.05 19:02:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.05 10:54:44 | 002,116,179 | ---- | C] () -- C:\tdsskiller.zip
[2012.07.04 19:55:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 01:12:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 21:26:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:42 | 001,486,848 | ---- | C] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:13:45 | 000,100,352 | ---- | C] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:13:45 | 000,000,929 | ---- | C] () -- C:\windows\SysNative\dfboottime.cfg
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.12.09 22:25:02 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 17:05:37 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.12.04 15:50:50 | 000,000,772 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.09.23 02:57:46 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.09.23 02:57:46 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.09.23 02:04:13 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.11 03:53:38 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.02.12 21:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.13 23:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Beina
[2011.11.14 00:49:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.12.04 16:58:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.07.02 21:00:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.07.04 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.12.04 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.04.02 21:21:54 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert-355065013
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert265139635
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1839109831
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1238923644
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1036223810

< End of report >
         
And here is the "detailed" Extras.Txt file:

Code:
OTL Extras logfile created on: 05.07.2012 22:07:02 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,24% Memory free
7,83 Gb Paging File | 6,19 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 866,75 Gb Free Space | 95,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23D3E724-745A-47BE-B02D-EA369EB9ABA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{90915600-EE3F-46F4-B5C8-940AA1315B0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F6595B82-57C3-4865-AA0D-28F7C4A8677C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28B8C936-9C44-47C6-8099-FAE7384EB350}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3CD19768-E15F-49BA-B7FB-2765D4817D9B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3FD77804-8D05-480A-A1BE-91CDBDA43980}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4248B9D3-4B9D-4764-BE84-FA679FCD1133}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{60354772-2898-4FF7-ACC3-459E4395F0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{651C8F1F-0FD4-4B56-9363-35F720D253F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7B1A000-40B7-4C84-A3CD-A6BA2414777A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{21411A1D-11D7-42DF-880C-411B2396FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{89377761-9416-41F5-9B05-EB7EB7C129B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON SX130 Series" = Druckerdeinstallation für EPSON SX130 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 18:30:02 | Computer Name = ***-PC | Source = ESENT | ID = 439
Description = Windows (2008) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 02.07.2012 18:32:35 | Computer Name = ***-PC | Source = ESENT | ID = 490
Description = Windows (2008) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 02.07.2012 18:32:35 | Computer Name = ***-PC | Source = ESENT | ID = 439
Description = Windows (2008) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 02.07.2012 19:16:34 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 19:19:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 19:27:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 02:33:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 02:44:47 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 11:22:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 13:48:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 02.07.2012 15:58:30 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 15:58:50 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 18:00:30 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.07.2012 19:14:40 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 19:14:44 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 19:17:35 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 19:17:40 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 19:25:54 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 02.07.2012 19:25:59 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 02:31:24 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
 
< End of report >
         

Edited by W.V (05.07.2012 at 21:31)

09.07.2012, 08:51   #2
kira
/// Helper Team

GVU Trojan - Variant of 16.05.2012



Hello and welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used, you can replace such details (e.g. your real name, serial numbers in programs, etc.) with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator" ("Als Administrator ausführen")
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
You have installed OTL incorrectly:
OTL must be saved on the Desktop!
Set your browser so that it saves OTL to the Desktop!
So remove it and download it again:
-> Download OTL by OldTimer and save it to your Desktop.

After installation, the log file should look something like this:
Quote:
Folder = C:\Users\***\Desktop
2.
System scan with OTL

Please download OTL by OldTimer and save it to your Desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` ("Save as text file...")
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)
Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet; no online banking, file sharing, chat programs etc.
Regards,
kira

09.07.2012, 20:34   #3
W.V
 

Hello kira,

I have now followed your instructions, saved OTL to the Desktop and run it as you described.

Here is the "detailed" OTL.Txt file:

Code:
OTL logfile created on: 09.07.2012 21:15:32 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 69,00% Memory free
7,83 Gb Paging File | 6,38 Gb Available in Paging File | 81,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 868,52 Gb Free Space | 95,83% Space Free | Partition Type: NTFS
Drive D: | 264,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cphs) Intel(R) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={114B4C55-1B71-4CCF-ACB7-5796C1095B97}&mid=456c55ad0a6b47d19fbd957ea080bf29-30d78395f92ec893880db6499e9bb7768678beb6&lang=de&ds=AVG&pr=fr&d=2011-11-21 16:54:19&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\windows\TEMP\E_SD2B9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\***\AppData\Roaming\TeamViewer\{984088A5-86E6-4BE6-8D33-845955219A02}\UpgradeChecker.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D303D80-0ADA-4BD8-881E-E809007212F9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.09 21:12:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.06 00:46:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.05 08:03:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.07.04 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.04 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 19:44:58 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.04 09:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.03 01:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.07.02 21:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.07.02 21:35:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012.07.02 21:35:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012.07.02 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.07.02 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.02 21:31:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.07.02 21:31:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.07.02 21:31:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher
[2012.07.02 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
[2012.07.02 21:24:19 | 000,000,000 | ---D | C] -- C:\IDE
[2012.07.02 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.07.02 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.02 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.07.02 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.02 21:07:50 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012.07.02 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.02 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012.07.02 21:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.07.02 21:05:42 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\Wartung
[2012.07.02 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.07.02 21:02:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.02 21:00:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.25 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.06.21 22:28:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012.06.21 22:28:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012.06.21 22:28:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012.06.21 22:27:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012.06.21 22:27:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012.06.21 22:27:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012.06.21 22:27:24 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012.06.21 22:27:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012.06.14 23:51:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.06.14 23:51:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.06.14 23:51:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.06.14 23:51:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.06.14 23:51:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.06.14 23:51:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.06.14 23:51:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.06.14 23:51:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.06.14 23:51:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.06.14 23:51:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.06.14 23:51:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.06.14 23:51:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.06.14 23:51:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.06.14 21:48:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012.06.14 21:48:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012.06.14 21:48:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012.06.14 21:48:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.06.14 21:48:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.06.14 21:48:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.06.14 21:48:33 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012.06.14 21:48:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.06.14 21:48:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2011.09.23 02:22:53 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 21:12:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.09 21:12:40 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 21:12:40 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 21:09:40 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.09 21:09:40 | 000,654,150 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.09 21:09:40 | 000,616,032 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.09 21:09:40 | 000,130,022 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.09 21:09:40 | 000,106,412 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.09 21:05:48 | 000,148,703 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.09 21:05:21 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.07.09 21:05:21 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.09 21:05:18 | 000,458,304 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.09 21:05:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.09 21:05:04 | 3152,359,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 17:42:10 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 19:02:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.04 19:55:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 21:18:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.03 01:15:53 | 000,001,143 | ---- | M] () -- C:\Users\***\Desktop\eBay Startseite.website
[2012.07.02 22:15:05 | 001,486,848 | ---- | M] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:26:21 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:17 | 000,100,352 | ---- | M] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:17:17 | 000,000,929 | ---- | M] () -- C:\windows\SysNative\dfboottime.cfg
 
========== Files Created - No Company Name ==========
 
[2012.07.09 21:05:05 | 000,458,304 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.05 19:02:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.04 19:55:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 01:12:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 21:26:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:42 | 001,486,848 | ---- | C] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:13:45 | 000,100,352 | ---- | C] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:13:45 | 000,000,929 | ---- | C] () -- C:\windows\SysNative\dfboottime.cfg
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.12.09 22:25:02 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 17:05:37 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.12.04 15:50:50 | 000,000,772 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.09.23 02:57:46 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.09.23 02:57:46 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.09.23 02:04:13 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.11 03:53:38 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.02.12 21:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== Alternate Data Streams ==========
 

< End of report >
         


And here is the "detailed" Extras.Txt file:

Code:
OTL Extras logfile created on: 09.07.2012 21:15:32 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 69,00% Memory free
7,83 Gb Paging File | 6,38 Gb Available in Paging File | 81,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 868,52 Gb Free Space | 95,83% Space Free | Partition Type: NTFS
Drive D: | 264,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23D3E724-745A-47BE-B02D-EA369EB9ABA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{90915600-EE3F-46F4-B5C8-940AA1315B0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F6595B82-57C3-4865-AA0D-28F7C4A8677C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28B8C936-9C44-47C6-8099-FAE7384EB350}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3CD19768-E15F-49BA-B7FB-2765D4817D9B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3FD77804-8D05-480A-A1BE-91CDBDA43980}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4248B9D3-4B9D-4764-BE84-FA679FCD1133}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{60354772-2898-4FF7-ACC3-459E4395F0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{651C8F1F-0FD4-4B56-9363-35F720D253F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7B1A000-40B7-4C84-A3CD-A6BA2414777A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{21411A1D-11D7-42DF-880C-411B2396FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{89377761-9416-41F5-9B05-EB7EB7C129B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON SX130 Series" = Druckerdeinstallation für EPSON SX130 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000468.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
[ System Events ]
Error - 03.07.2012 02:31:29 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 02:42:51 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 02:42:54 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 11:20:22 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 11:20:25 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 13:47:00 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 13:47:03 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 15:17:01 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?07.?2012 um 21:08:30 unerwartet heruntergefahren.
 
Error - 03.07.2012 15:16:55 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2012 15:16:59 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
 
< End of report >
         


And these are the installed programs that CCleaner shows me:

Code:
ABBYY FineReader 9.0 Sprint	ABBYY	14.11.2011		9.01.513.58212
Avira Free Antivirus	Avira	02.07.2012	125MB	12.0.0.1125
Benutzerhandbuch EPSON SX130 Series		14.11.2011		
CCleaner	Piriform	22.06.2012		3.20
Defraggler	Piriform	02.07.2012		2.10
Druckerdeinstallation für EPSON SX130 Series	SEIKO EPSON Corporation	14.11.2011		
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	13.11.2011		2.2.4.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	13.11.2011		1.00.0000
Epson Event Manager	SEIKO EPSON CORPORATION	13.11.2011	40,5MB	2.40.0009
EPSON Scan	Seiko Epson Corporation	14.11.2011		
ESET Online Scanner v3		04.07.2012		
Google Chrome	Google Inc.	22.09.2011		20.0.1132.47
IncrediMail 2.0	IncrediMail Ltd.	16.11.2011		6.2.9.5139
Intel(R) Control Center	Intel Corporation	23.09.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	23.09.2011		7.0.0.1118
Intel(R) Network Connections Drivers	Intel	23.09.2011		15.4
Intel(R) Processor Graphics	Intel Corporation	02.07.2012		8.15.10.2345
Lenovo Dynamic Brightness System	Lenovo	22.09.2011		4.0.00.22080
Lenovo EE Boot Optimizer	Lenovo	23.09.2011		0.0.1.6
Lenovo Eye Distance System	Lenovo	22.09.2011		4.0.00.21090
Lenovo Power2Go	CyberLink Corp.	22.09.2011	154MB	6.0.4827a
Lenovo Rescue System	CyberLink Corp.	23.09.2011		3.0.1409
Lenovo Tinian Fn PS/2 Keyboard Driver	Lenovo	22.09.2011		V1.0.11.0321
Lenovo Treiber- und Anwendungsinstallation	Lenovo	22.09.2011		5.10.1809
LibreOffice 3.4	LibreOffice	04.12.2011	478MB	3.4.402
LVT	Lenovo	22.09.2011		4.1.2.0919
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	04.07.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	04.12.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	04.12.2011	2,93MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	02.07.2012		12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	02.07.2012	7,95MB	14.0.5130.5003
Microsoft Office Language Pack 2007 - German/Deutsch	Microsoft Corporation	02.07.2012		12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.07.2012	508KB	2.0.4024.1
Microsoft Silverlight	Microsoft Corporation	11.05.2012	80,3MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	22.09.2011	1,69MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	04.12.2011	300KB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	04.12.2011	2,52MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	04.12.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	22.09.2011	3,51MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	21.11.2011	592KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	04.12.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.07.2012	16,5MB	10.0.40219
OneKey Recovery	CyberLink Corp.	23.09.2011		3.0.1409
Photo Notifier and Animation Creator	IncrediMail Ltd.	16.11.2011		1.0.0.1009
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.09.2011		6.0.1.6230
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	22.09.2011		6.1.7600.30123
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	22.09.2011	1,00MB	2.0.26.0
Visual Studio 2008 x64 Redistributables	AVG Technologies	21.11.2011	10,0MB	10.0.0.2
VR-NetWorld		04.12.2011		
Windows Live Essentials	Microsoft Corporation	22.09.2011		15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	22.09.2011	5,57MB	15.4.5722.2
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	22.09.2011	5,57MB	15.4.5722.2
         

10.07.2012, 16:34   #4
kira
/// Helper Team

GVU Trojan - Variant of 16.05.2012



System cleanup and check:

1.
Quote:
Attention, important!
If you made changes to the log file yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(User folder, your name or other items replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code" (beginning with :OTL and ending with [emptytemp]), without the word "Code":
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\***\AppData\Roaming\TeamViewer\{984088A5-86E6-4BE6-8D33-845955219A02}\UpgradeChecker.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.07.09 21:05:21 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 17:42:10 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 21:18:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.03 01:12:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
@Alternate Data Stream - 5430 bytes -> C:\Users\***\Desktop\eBay Startseite.website:TASKICON_4tasks-5-140287006
@Alternate Data Stream - 2862 bytes -> C:\Users\***\Desktop\eBay Startseite.website:TASKICON_0tasks-11955776701
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:TASKICON_3tasks-41187199609
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:TASKICON_2tasks-3-249296213
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:TASKICON_1tasks-21900587292
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default993030672
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-992759298
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-988839974
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default987487481
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-986786623
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-981469920
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default975384127
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default974898139
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-964230741
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-962137113
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default961364690
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default959635901
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default957928005
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-956719291
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-941156179
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-929877205
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default919523619
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-919022867
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default917539611
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-904587278
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default902854795
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-902749851
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-898876787
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default896309962
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default891709122
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-889933384
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-87921001
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-864510077
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default844193383
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default842537018
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-837665007
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-833103918
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-811087657
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-80550393
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default803403097
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default782593109
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-77394613
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default762107976
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-760535131
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default741882673
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-738336773
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default737759674
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-736008172
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-734800024
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default733308763
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default731000787
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-726891968
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-726549684
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default721790111
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-703548097
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default696102640
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default669953622
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default668831569
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default662568723
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default662255696
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-659634986
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default65637546
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-645198256
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default642891521
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default637322369
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default622146066
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-619195131
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-604740682
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-601969881
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-601829510
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-584166560
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-576006439
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-573039484
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-569553266
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default563192142
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-561165156
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-558562520
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default554006312
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default545724494
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default54427129
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default536090202
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-535536308
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default514804993
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default514554004
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default502912222
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-49294992
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-485957890
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default484436068
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default470955066
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-46847850
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-468040237
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-45117692
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-430267798
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default428250576
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default414014240
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-411800142
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-409126019
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-374851184
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-368254497
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-355606591
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-355065013
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-351279218
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-323064050
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default308450659
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default307977968
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default298820762
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-289828614
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-289246334
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default282924129
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-268334020
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default260289307
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default246181465
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default238544367
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default216723191
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2145372041
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2125849643
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-2118978442
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2117264875
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default211346299
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2105551609
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-2095590135
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2072377935
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2070364806
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-2064531986
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2061873476
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-2046524449
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2042108278
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2022567949
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default2013146028
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1989455457
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1988702234
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1959250980
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1946590947
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1931360949
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1891602019
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1883901222
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1875455323
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-185723541
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1843167520
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1840386937
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1839400103
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1839109831
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1836901595
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1835942961
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1835001651
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1834855209
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1833944197
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1813954899
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1807888660
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1805233887
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1770454810
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1764366232
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1760140089
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-174980855
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1742441381
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1738597676
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default173713172
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1721880950
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1695884423
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default169172528
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1684047200
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1678690224
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1672088968
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1670512098
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1665875131
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-166292680
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1662107299
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1656307948
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1656127055
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1643381164
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1633196364
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1631730104
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1631329884
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1621704239
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-158663338
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1579997113
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1577106845
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1564893078
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-155976811
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1551472473
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1536369382
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1528200013
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1522535931
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1514857280
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-151245041
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1503504806
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1501586351
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1444205108
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1427093896
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1422959303
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1416846609
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1408471963
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1404243526
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1402638046
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-140202020
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1376998509
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1366116650
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1360301193
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-135367251
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1350159718
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1338807475
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1327300982
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1317825313
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1282828711
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1281266633
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1263670147
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default125998658
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1247305167
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1244380244
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1240496054
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1238923644
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1218507792
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1197535532
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-119181932
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1188954925
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1186218840
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default117714038
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1169897999
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1162608358
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1160245177
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1155285268
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1145141523
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1132926931
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1128348031
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default111010633
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1101631123
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1099931417
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1072486842
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default107174514
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1046533619
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1042528317
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-103238553
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default-1025299384
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1025075596
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default102001588
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-default1008569388
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert975384127
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert844193383
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert767806421
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert662255696
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert-401358790
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert-355065013
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert265139635
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1839109831
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1238923644
@Alternate Data Stream - 1150 bytes -> C:\Users\***\Desktop\eBay Startseite.website:DESTICON_deal-alert1036223810

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the default search engine of Explorer
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

3.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

4.
  • Download SUPERAntiSpyware FREE Edition.
    Take care not to install any toolbar that may be offered, i.e. untick the toolbar box during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your Computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found is then listed; tick every detection and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Click "View Log", then please save this report and post it here

5.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ► Instructions

6.
-> Then run a complete system check with Eset Online Scanner (NOD32) - Free Online Scanners
Attention!: >>You should not install the antivirus security software, just scan your system online<<

7.
Scan again with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP and Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
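
Added example (not part of the thread and not OTL's own code): a Python sketch that parses the PRC/MOD/SRV/DRV lines of the OTL.txt requested in step 7 and lists the files whose company-name field is empty, which are the entries worth checking by hand when a scanner hit might be a false positive. The sample lines are copied from the OTL.txt posted in this thread; the function names and the "autostart" rule are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One OTL SafeList line: kind, [timestamp | size | attributes | M/C], (company),
# optional [start type | status], path, optional (service name).
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) "          # may itself contain "(R)"
    r"(?:\[(?P<state>[^\]]*)\] )?"    # only on SRV/DRV lines
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

@dataclass
class Entry:
    kind: str
    x64: bool
    modified: datetime
    size: int
    company: str
    start: Optional[str]
    status: Optional[str]
    path: str
    name: Optional[str]

def parse_line(line):
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    state = [s.strip() for s in (m["state"] or "").split("|") if s.strip()]
    return Entry(
        kind=m["kind"],
        x64=m["x64"] is not None,
        modified=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        start=state[-2] if len(state) >= 2 else None,   # Auto, On_Demand, Boot ...
        status=state[-1] if state else None,            # Running, Stopped ...
        path=m["path"].strip(),
        name=m["name"],
    )

def parse_log(text):
    """Parse every recognised line; headers and section titles are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def review_candidates(entries):
    """Group entries with an empty company name by file path.

    An empty company name is a reason to look closer, not a verdict.
    Files that also run as an auto-started service or driver are listed first.
    """
    found = {}
    for e in entries:
        if e.company:
            continue
        item = found.setdefault(e.path.lower(), {
            "path": e.path, "kinds": set(), "service": None, "autostart": False,
        })
        item["kinds"].add(e.kind)
        if e.kind in ("SRV", "DRV"):
            item["service"] = e.name
            item["autostart"] = item["autostart"] or (
                e.start in ("Auto", "Boot", "System") and e.status == "Running")
    return sorted(found.values(),
                  key=lambda i: (not i["autostart"], i["path"].lower()))

# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
OTL logfile created on: 11.07.2012 03:54:47 - Run 3
========== Processes (SafeList) ==========
PRC - [2012.07.09 21:12:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.21 23:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011.03.21 23:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
========== Modules (No Company Name) ==========
MOD - [2007.12.31 19:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010.10.05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
"""

if __name__ == "__main__":
    for item in review_candidates(parse_log(SAMPLE_LOG)):
        kinds = "+".join(sorted(item["kinds"]))
        note = "auto-started service/driver" if item["autostart"] else "not auto-started"
        print(f"{item['path']}  [{kinds}]  {note}  service={item['service']}")
```

The listing only narrows down what to inspect; whether a file is legitimate still has to be decided from its origin, as the thread does for the keyboard software.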

11.07.2012, 03:11   #5
W.V

GVU Trojan - variant of 16.05.2012



Here are my logs and comments on the points you described:



1.

The system did not restart but only logged off (I hope that is what was meant by "OTL requires a restart. Please allow it." ?!), after which this log was shown to me:

Code:
Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K6VVLHSS\_158345;tile=2;um=7;us=12;eb_trk=158345;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3O909VPP\opt=ist;tile=1;um=7;us=12;eb_trk=183704;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1V6V2BPC\opt=ist;tile=1;um=7;us=12;eb_trk=158366;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1V6V2BPC\opt=ist;tile=1;um=7;us=12;eb_trk=158395;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!

PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K6VVLHSS\_158345;tile=2;um=7;us=12;eb_trk=158345;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3O909VPP\opt=ist;tile=1;um=7;us=12;eb_trk=183704;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1V6V2BPC\opt=ist;tile=1;um=7;us=12;eb_trk=158366;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!
File C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1V6V2BPC\opt=ist;tile=1;um=7;us=12;eb_trk=158395;pr=22;xp=25;np=22;uz=86199;fbi=;sbi=0;fbo=;sbo=;fse=11450;sse=3051;fvi=220;svi=23685;ac=;cg=e6db10e91330a0aa152799e7fc639e46[1].htm not found!

Registry entries deleted on Reboot...
         


2.

Most of this I already knew and had also set up on my acquaintance's system. But I have to discuss with her some of what she would like configured in IE!




3.

CCleaner was run as described.



4.

SUPERAntiSpyware FREE Edition was run as described; it found Trojan.Dropper/Win-NV in the file C:\Windows\jmesoft\Service.exe. However, according to research on the Internet this is a false positive. The file is part of the Lenovo keyboard software. So I have not deleted anything for now - I think I did the right thing - what do you think, kira?!
Here is the log file:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/10/2012 at 11:54 PM

Application Version : 5.5.1012

Core Rules Database Version : 8877
Trace Rules Database Version: 6689

Scan type       : Complete Scan
Total Scan Time : 00:25:42

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 489
Memory threats detected   : 1
Registry items scanned    : 65311
Registry threats detected : 0
File items scanned        : 56916
File threats detected     : 1

Trojan.Dropper/Win-NV
	C:\WINDOWS\JMESOFT\SERVICE.EXE
	C:\WINDOWS\JMESOFT\SERVICE.EXE
         


5.

I will discuss with my acquaintance whether and how she would like this configured! However, the operating system also shows a warning when an external storage medium tries to execute an "Autorun"!



6.

The ESET Online Scanner was run as described and showed me no detections!
Here is the log:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4d3433adc464704bbac00a869517d32f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-11 01:32:59
# local_time=2012-07-11 03:32:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 711154 711154 0 0
# compatibility_mode=5893 16776574 100 94 711270 93598490 0 0
# compatibility_mode=8192 67108863 100 0 582449 582449 0 0
# scanned=119869
# found=0
# cleaned=0
# scan_time=1739
         


7.

OTL was run again as described.
Here is the OTL.txt:

Code:
OTL logfile created on: 11.07.2012 03:54:47 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 71,70% Memory free
7,83 Gb Paging File | 6,60 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 866,85 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
Drive D: | 264,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.09 21:12:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.21 23:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011.03.21 23:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010.10.05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.30 10:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.05 01:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.05 02:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.05 01:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2007.12.31 19:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.03.16 05:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010.10.05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.23 02:38:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.23 02:38:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.23 02:23:30 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.09.23 02:23:30 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.21 23:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.08 15:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.03.23 03:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 67 71 F7 DD 5E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={114B4C55-1B71-4CCF-ACB7-5796C1095B97}&mid=456c55ad0a6b47d19fbd957ea080bf29-30d78395f92ec893880db6499e9bb7768678beb6&lang=de&ds=AVG&pr=fr&d=2011-11-21 16:54:19&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\windows\TEMP\E_SD2B9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D303D80-0ADA-4BD8-881E-E809007212F9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.11 03:52:33 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012.07.11 03:01:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 03:01:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 03:01:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 03:01:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 03:01:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 03:01:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 03:01:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 03:01:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 03:01:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 03:01:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 03:01:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 03:01:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 03:01:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 02:59:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 02:59:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 02:59:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 02:59:12 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 02:59:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.10 23:23:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.10 23:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.10 23:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.10 23:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.10 22:49:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.09 21:12:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.06 00:46:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.05 08:03:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.07.04 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.04 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.04 19:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 19:44:58 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.03 01:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.03 01:12:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sun
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 21:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.07.02 21:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.07.02 21:35:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012.07.02 21:35:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012.07.02 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.07.02 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.02 21:31:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.07.02 21:31:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.07.02 21:31:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.02 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher
[2012.07.02 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
[2012.07.02 21:24:19 | 000,000,000 | ---D | C] -- C:\IDE
[2012.07.02 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.07.02 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.02 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.07.02 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.07.02 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.02 21:07:50 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012.07.02 21:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.02 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012.07.02 21:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.07.02 21:05:42 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\Wartung
[2012.07.02 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.07.02 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.07.02 21:02:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.02 21:00:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.25 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.06.21 22:28:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012.06.21 22:28:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012.06.21 22:28:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012.06.21 22:27:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012.06.21 22:27:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012.06.21 22:27:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012.06.21 22:27:24 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012.06.21 22:27:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012.06.14 21:48:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012.06.14 21:48:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012.06.14 21:48:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012.06.14 21:48:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.06.14 21:48:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.06.14 21:48:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.06.14 21:48:33 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012.06.14 21:48:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.06.14 21:48:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2011.09.23 02:22:53 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 03:57:01 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.11 03:57:01 | 000,654,150 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.11 03:57:01 | 000,616,032 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.11 03:57:01 | 000,130,022 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.11 03:57:01 | 000,106,412 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.11 03:54:09 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 03:54:09 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 03:52:44 | 000,323,091 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.11 03:51:56 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.07.11 03:51:47 | 000,458,304 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.11 03:51:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.11 03:51:24 | 3152,359,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.11 02:00:00 | 000,000,520 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7a7bf41e-32c6-4bfb-9117-e82f8ec73a29.job
[2012.07.10 23:27:26 | 000,000,520 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 726c5b6c-9718-47e1-8ee3-357cdef0ff7d.job
[2012.07.10 23:23:02 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.09 21:12:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.05 19:02:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.04 19:55:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 01:15:53 | 000,001,143 | ---- | M] () -- C:\Users\***\Desktop\eBay Startseite.website
[2012.07.02 22:15:05 | 001,486,848 | ---- | M] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:26:21 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:17 | 000,100,352 | ---- | M] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:17:17 | 000,000,929 | ---- | M] () -- C:\windows\SysNative\dfboottime.cfg
 
========== Files Created - No Company Name ==========
 
[2012.07.10 23:27:13 | 000,458,304 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.10 23:23:33 | 000,000,520 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7a7bf41e-32c6-4bfb-9117-e82f8ec73a29.job
[2012.07.10 23:23:33 | 000,000,520 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 726c5b6c-9718-47e1-8ee3-357cdef0ff7d.job
[2012.07.10 23:23:02 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.05 19:02:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.04 19:55:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.02 21:26:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.02 21:24:06 | 000,001,816 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office.lnk
[2012.07.02 21:17:42 | 001,486,848 | ---- | C] () -- C:\Users\***\Desktop\Verein Adressen 2008 -2012.mdb
[2012.07.02 21:13:45 | 000,100,352 | ---- | C] () -- C:\windows\SysNative\dfboottime.exe
[2012.07.02 21:13:45 | 000,000,929 | ---- | C] () -- C:\windows\SysNative\dfboottime.cfg
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.12.09 22:25:02 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 17:05:37 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.12.04 15:50:50 | 000,000,772 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.09.23 02:57:46 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.09.23 02:57:46 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.09.23 02:04:13 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.11 03:53:38 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.02.12 21:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.13 23:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Beina
[2011.11.14 00:49:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.12.04 16:58:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.07.02 21:00:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.07.04 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.12.04 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.04.02 21:21:54 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.07.10 23:27:26 | 000,000,520 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 726c5b6c-9718-47e1-8ee3-357cdef0ff7d.job
[2012.07.11 02:00:00 | 000,000,520 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7a7bf41e-32c6-4bfb-9117-e82f8ec73a29.job
 
========== Purity Check ==========
 
 

< End of report >
         

Here is the Extras.Txt:

Code:
OTL Extras logfile created on: 11.07.2012 03:54:47 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 71,70% Memory free
7,83 Gb Paging File | 6,60 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 866,85 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
Drive D: | 264,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23D3E724-745A-47BE-B02D-EA369EB9ABA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{90915600-EE3F-46F4-B5C8-940AA1315B0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F6595B82-57C3-4865-AA0D-28F7C4A8677C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28B8C936-9C44-47C6-8099-FAE7384EB350}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3CD19768-E15F-49BA-B7FB-2765D4817D9B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3FD77804-8D05-480A-A1BE-91CDBDA43980}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4248B9D3-4B9D-4764-BE84-FA679FCD1133}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{60354772-2898-4FF7-ACC3-459E4395F0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{651C8F1F-0FD4-4B56-9363-35F720D253F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7B1A000-40B7-4C84-A3CD-A6BA2414777A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{21411A1D-11D7-42DF-880C-411B2396FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{89377761-9416-41F5-9B05-EB7EB7C129B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON SX130 Series" = Druckerdeinstallation für EPSON SX130 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
Error - 04.07.2012 14:02:26 | Computer Name = ***-PC | Source = ESENT | ID = 902
Description = Windows (2888) Windows: Das Datenbankmodul hat mehrere Threads erkannt,
 die unberechtigt die gleiche Datenbanksitzung verwenden, um Datenbankoperationen
 durchzuführen.      Sitzungs-ID 0x00000000012C0920     Sitzungskontext 0x00000000     Thread-ID
 des Sitzungskontextes 0x0000000000001374     aktuelle Thread-ID 0x0000000000000980.
 
[ System Events ]
Error - 04.07.2012 02:30:02 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 04.07.2012 02:36:59 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 04.07.2012 02:37:03 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 05.07.2012 02:01:59 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 05.07.2012 02:02:03 | Computer Name = ***-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 05.07.2012 02:03:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 05.07.2012 02:03:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 05.07.2012 02:03:14 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.07.2012 02:03:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 05.07.2012 02:03:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
So far I have not been able to find any anomalies that would point to a further virus infection?!
Can the system be considered virus-free?!


11.07.2012, 09:15   #6
kira
/// Helper Team

Looks good...
► So can I consider your problem solved?

11.07.2012, 12:12   #7
W.V

Okay. Thanks for the help, kira.
My acquaintance will be glad to get her PC back.
A regular data backup will definitely be set up, and we should also talk again about virus protection = the paid version!

11.07.2012, 21:06   #8
kira
/// Helper Team

** Keep your system under observation for the time being!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time:-> Guide

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This function takes up a great deal of storage space. By default, the storage space reserved for shadow copies is 15 % of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed:
So please do the following: first deactivate -> then activate; in the end it should be "activated" again!

4.
As a precaution I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
also here under: Secure password (Password)

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!

Reading material no. 1:
Give criminal acts no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice, in different locations!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a matter of principle, install only programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components should also be installed -> Always read along during installation and deselect sponsor and partner programs, toolbars or any other additionally offered programs wherever possible!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as fraud is suspected, report your suspicion to the respective bank's hotline.
  • Leaving the computer to others (guests/friends) to use - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never carry out banking transactions on untrustworthy computers, for example from an internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not leave external devices (hard drive, USB stick) permanently connected to the PC; connect them only briefly while you want to back something up
  • Saving on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately summon the devil.) Another highly insecure source is file sharing on so-called (music) exchange platforms.
    ► Besides, you make yourself liable to prosecution by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down startup enormously and burdens RAM (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes ever slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be hard to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and configuring Windows and internet software securely are the best way to security on the web!!
Quote:
Since the database is supplemented and extended daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will surely be enough), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us→ donation account

Regards
kira
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
