|
Plagegeister aller Art und deren Bekämpfung: MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.07.2012, 11:29 | #1 |
| MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Hallo, ich habe in letzter Zeit mit steigender Frequenz ein Problem beim Hochfahren meines Windows XP-Rechners (x86). Meist kurz nach dem Einloggen kommt BlueScreen und der Rechner startet neu. Oft bleibt er beim Bios-Bildschirm dann hängen. In der Ereignisanzeige taucht in zeitlichem Zusammenhang eine Meldung 'Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.' auf. Nach Internet-Recherche scheint das mit Samsung und Brenner-Software in Verbindung gebracht zu werden. Ganz sicher, was StarOpen ist und ob es wirklich unproblematisch ist, scheint es aber nicht zu sein. Daraufhin habe ich Malwarebytes Antimalware laufen lassen mit zwei Funden: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 sim :: SIMPC2 [Administrator] Schutz: Aktiviert 26.07.2012 10:42:22 mbam-log-2012-07-26 (11-17-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 244598 Laufzeit: 34 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Documents and Settings\sim\Local Settings\Temp\is-2D0P9.tmp\Oleau64.dll (Spyware.Banker.Gen) -> Keine Aktion durchgeführt. C:\Documents and Settings\sim\Local Settings\Temp\is-2D0P9.tmp\RMPly00.exe (Adware.Agent) -> Keine Aktion durchgeführt. (Ende) otl.txt Code:
ATTFilter OTL logfile created on: 26.07.2012 11:47:16 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\sim\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 76,27% Memory free 5,72 Gb Paging File | 4,98 Gb Available in Paging File | 87,16% Paging File free Paging file location(s): F:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 122,09 Gb Total Space | 32,31 Gb Free Space | 26,46% Space Free | Partition Type: NTFS Drive D: | 343,67 Gb Total Space | 299,41 Gb Free Space | 87,12% Space Free | Partition Type: NTFS Drive F: | 74,53 Gb Total Space | 1,05 Gb Free Space | 1,41% Space Free | Partition Type: NTFS Drive H: | 8,19 Gb Total Space | 0,98 Gb Free Space | 11,94% Space Free | Partition Type: NTFS Drive J: | 3726,03 Gb Total Space | 3490,16 Gb Free Space | 93,67% Space Free | Partition Type: NTFS Drive L: | 1,99 Gb Total Space | 1,00 Gb Free Space | 50,15% Space Free | Partition Type: NTFS Drive P: | 14,19 Gb Total Space | 7,70 Gb Free Space | 54,29% Space Free | Partition Type: NTFS Drive Q: | 9,99 Gb Total Space | 9,99 Gb Free Space | 100,00% Space Free | Partition Type: NTFS Drive R: | 9,99 Gb Total Space | 1,28 Gb Free Space | 12,81% Space Free | Partition Type: NTFS Drive S: | 9,99 Gb Total Space | 1,81 Gb Free Space | 18,13% Space Free | Partition Type: NTFS Drive X: | 14,19 Gb Total Space | 12,55 Gb Free Space | 88,47% Space Free | Partition Type: NTFS Drive Y: | 4,19 Gb Total Space | 4,06 Gb Free Space | 96,79% Space Free | Partition Type: NTFS Computer Name: SIMPC2 | User Name: sim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.26 11:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2012.07.05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe PRC - [2012.03.11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe PRC - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2011.10.27 11:33:58 | 000,173,104 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.10.27 11:33:40 | 000,126,512 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.10.27 11:33:28 | 000,142,384 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.02.04 14:18:14 | 000,408,590 | ---- | M] () -- D:\Programme\cygwin\usr\sbin\sshd.exe PRC - [2010.05.03 17:13:24 | 001,063,936 | ---- | M] (DATEV eG) -- C:\Program Files\DATEV-SiPa-compact\DVcServ.exe PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.08.29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe PRC - [2008.04.18 04:59:06 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008.04.18 04:57:26 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () -- D:\Programme\cygwin\bin\cygrunsrv.exe PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe PRC - [2007.09.11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- D:\Programme\PhotoshopElements6\apdproxy.exe PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe PRC - [2001.10.11 17:35:00 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.07.26 11:11:16 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\sim\Local Settings\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.07.10 03:53:28 | 014,278,144 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012.07.10 03:52:52 | 000,538,112 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll MOD - [2012.06.26 10:40:56 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012.06.26 10:40:06 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012.06.26 09:04:16 | 000,043,520 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012.06.26 09:03:18 | 000,651,216 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll MOD - [2012.06.26 09:03:18 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll MOD - [2012.06.26 09:03:16 | 000,544,208 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll MOD - [2012.06.26 09:03:16 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll MOD - [2012.06.15 09:40:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll MOD - [2012.06.15 08:05:10 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.15 08:04:49 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.14 20:37:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll MOD - [2012.06.14 20:36:26 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll MOD - [2012.06.14 20:35:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.11 18:06:19 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll MOD - [2012.05.11 18:04:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.11 17:59:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.11 17:58:32 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll MOD - [2012.05.11 17:58:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll MOD - [2012.05.11 17:56:52 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012.05.11 17:56:37 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 17:56:23 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.12.19 19:59:44 | 000,068,424 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav MOD - [2011.02.08 20:44:35 | 001,174,542 | ---- | M] () -- D:\Programme\cygwin\bin\cygcrypto-0.9.8.dll MOD - [2011.02.04 14:18:14 | 000,408,590 | ---- | M] () -- D:\Programme\cygwin\usr\sbin\sshd.exe MOD - [2010.08.15 02:54:51 | 000,010,766 | ---- | M] () -- D:\Programme\cygwin\bin\cygssp-0.dll MOD - [2010.08.15 02:54:30 | 000,046,094 | ---- | M] () -- D:\Programme\cygwin\bin\cyggcc_s-1.dll MOD - [2010.08.01 23:04:19 | 000,077,838 | ---- | M] () -- D:\Programme\cygwin\bin\cygz.dll MOD - [2010.03.28 11:02:33 | 000,028,174 | ---- | M] () -- D:\Programme\cygwin\bin\cygwrap-0.dll MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () -- D:\Programme\cygwin\bin\cygrunsrv.exe MOD - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe MOD - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe MOD - [2003.10.19 11:12:30 | 000,006,656 | ---- | M] () -- D:\Programme\cygwin\bin\cygcrypt-0.dll MOD - [2001.10.11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.07.12 09:38:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.11.05 12:07:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.07.22 02:01:12 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6) SRV - [2008.04.18 04:57:26 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () [Auto | Running] -- D:\Programme\cygwin\bin\cygrunsrv.exe -- (sshd) SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL) SRV - [2005.02.15 11:14:26 | 000,106,496 | ---- | M] (cobra GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\APUpdService.exe -- (APUpdService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.11 23:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2012.03.11 23:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012.03.11 23:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012.03.11 23:13:43 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd) DRV - [2011.11.29 17:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2011.08.17 13:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.08.17 13:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.08.17 13:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.17 13:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.08 16:49:04 | 000,023,168 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCEX.sys -- (KOBCCEX) DRV - [2009.10.08 16:48:56 | 000,083,840 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCID.sys -- (KOBCCID) DRV - [2009.05.25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC) DRV - [2009.03.02 14:46:45 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC) DRV - [2008.04.16 09:27:04 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006.07.13 14:11:04 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.05 14:55:58 | 000,043,392 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006.03.17 20:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/burn4free/{057A21BE-5742-412A-86FA-5C1A75A739E2} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/ IE - HKCU\..\SearchScopes,DefaultScope = {1813469C-9626-4D00-A1E1-888676CEAFC7} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{1813469C-9626-4D00-A1E1-888676CEAFC7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/burn4free/{057A21BE-5742-412A-86FA-5C1A75A739E2}?q={searchTerms} IE - HKCU\..\SearchScopes\{9759558C-5B11-4702-A9B4-B837A137A5BE}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.de/" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 15:31:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.16 12:51:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.12.02 00:58:14 | 000,000,000 | ---D | M] [2009.02.25 09:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Extensions [2009.02.25 09:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Extensions\home2@tomtom.com [2012.07.15 19:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions [2010.01.07 20:23:03 | 000,000,000 | ---D | M] (mediaDownloader) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba} [2009.09.05 12:00:36 | 000,000,000 | ---D | M] (Download Embedded) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\dlembed@aeruder.net [2012.06.18 10:21:18 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\webrank-toolbar@probcomp.com [2011.06.07 16:13:00 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\Mozilla\Firefox\Profiles\oa7ztugj.default\searchplugins\search.xml [2011.11.23 09:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.11.20 16:14:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.11 13:56:11 | 000,709,293 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OA7ZTUGJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2011.08.23 08:42:47 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OA7ZTUGJ.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI [2012.07.18 15:31:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.10.30 18:34:42 | 000,039,424 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll [2004.11.13 05:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll [2012.06.20 21:47:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 21:47:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.20 21:47:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 21:47:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 21:47:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 21:47:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ O1 HOSTS File: ([2009.03.10 13:31:50 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 200.200.179.91 NPI0F2121 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files\DATEV-SiPa-compact\DVCCSASCardBHO002.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] D:\Programme\PhotoshopElements6\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) File not found O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DVCServ] C:\Program Files\DATEV-SiPa-compact\DVCSERV.exe (DATEV eG) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation) O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe (Adobe Systems Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites) O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.200.179.243 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE0259C-FBD6-4941-A707-5D616A1BFB4A}: DhcpNameServer = 200.200.179.243 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/sim/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 17:30:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{44f9b6fa-0308-11de-be51-001731890ded}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell - "" = AutoRun O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 11:39:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe [2012.07.26 10:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\Malwarebytes [2012.07.26 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.26 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012.07.26 10:38:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.26 10:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.20 15:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator [2012.07.20 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\pdfforge [2012.07.20 15:21:31 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll [2012.07.20 15:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.07.19 17:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Desktop\wapstar-cfg-pundit1 [2012.07.19 17:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Desktop\wapstar-cfg-gei [2012.07.16 12:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Local Settings\Application Data\Sun [2012.07.16 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.16 12:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\Oracle [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.26 12:02:00 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2012.07.26 11:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.26 11:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe [2012.07.26 11:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.26 11:28:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\sim\defogger_reenable [2012.07.26 10:39:52 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.25 12:48:11 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2012.07.24 12:35:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.20 15:21:40 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFArchitect.lnk [2012.07.20 15:21:40 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk [2012.07.20 13:19:42 | 002,575,384 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\2003-10-21-22 Brass Bullet IMPROVED.zip [2012.07.20 09:39:36 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Y sysadmin.lnk [2012.07.19 16:53:37 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\winscp.rnd [2012.07.16 15:04:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012.07.16 14:16:36 | 000,298,423 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Rechnung Kohl Schneegitter 2012.pdf [2012.07.16 08:29:21 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012.07.15 18:50:30 | 003,659,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.12 11:14:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.06 12:15:16 | 000,754,301 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Antrag_20auf_20Befreiung_20von_20Zuzahlungen_20chronisch_20Kranke,property=Data.pdf [2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll [2012.07.04 20:46:47 | 000,150,318 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\System Architecture 2012-07-04.pdf [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.02 11:12:11 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sim\Local Settings\Application Data\PUTTY.RND [2012.06.29 14:34:23 | 000,091,058 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv OUTPUT [2012.06.29 10:08:53 | 000,032,890 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv INPUT [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.26 11:40:59 | 000,448,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012.07.26 11:28:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\sim\defogger_reenable [2012.07.26 10:38:31 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.20 15:21:40 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFArchitect.lnk [2012.07.20 15:21:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk [2012.07.20 09:39:36 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Y sysadmin.lnk [2012.07.16 14:16:36 | 000,298,423 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Rechnung Kohl Schneegitter 2012.pdf [2012.07.06 12:15:16 | 000,754,301 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Antrag_20auf_20Befreiung_20von_20Zuzahlungen_20chronisch_20Kranke,property=Data.pdf [2012.07.06 07:17:06 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.04 20:49:01 | 000,032,890 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv INPUT [2012.07.04 20:48:21 | 000,091,058 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv OUTPUT [2012.07.04 20:46:47 | 000,150,318 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\System Architecture 2012-07-04.pdf [2012.06.14 10:24:57 | 000,002,117 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\recently-used.xbel [2012.05.24 13:23:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012.05.24 13:23:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2012.05.24 13:23:55 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012.05.24 13:23:55 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012.05.24 13:23:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.04.04 13:26:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\Adobe PNG Format CS5 Prefs [2012.01.31 18:01:40 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.10.20 10:57:42 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\EF3CDE0418.dll [2011.09.14 11:58:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\default.rss [2011.05.25 11:13:02 | 000,011,248 | ---- | C] () -- C:\Documents and Settings\sim\gsview32.ini [2011.05.11 17:59:13 | 000,052,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.04.27 17:18:18 | 000,703,959 | ---- | C] () -- C:\WINDOWS\HPISExe.dat [2010.11.03 23:10:39 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2010.08.25 13:14:28 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.05.14 10:21:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\winscp.rnd [2009.09.11 18:27:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\PUTTY.RND [2009.09.05 12:13:34 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\sim\default.pls [2009.07.15 11:35:56 | 000,010,231 | ---- | C] () -- C:\Documents and Settings\sim\LotharSimon_SimonRam_elster_2048.pfx [2009.01.12 15:45:24 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\sim\.appletviewer [2007.08.31 17:01:45 | 000,089,930 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\NMM-MetaData.db [2007.01.18 12:13:05 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\sim\.ganttproject [2007.01.12 12:56:34 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.01 10:00:43 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sim\.java.policy [2006.12.01 09:57:11 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\fusioncache.dat [2006.09.29 10:44:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\sim\.cvspass [2006.09.26 13:11:12 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\sim\.starteam [2006.09.25 15:48:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\dm.ini ========== LOP Check ========== [2009.01.28 17:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender [2011.06.07 15:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2012.01.31 18:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA [2010.04.21 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular [2010.11.05 12:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2010.11.04 10:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF 4 [2012.03.08 11:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey [2011.12.02 00:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011.09.27 19:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011.09.27 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2012.01.25 13:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2011.12.13 08:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2009.04.08 09:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\.visualvm [2010.11.03 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\CAD-KAS [2011.06.07 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Canneverbe Limited [2012.01.25 13:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2007.08.31 16:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Datalayer [2009.03.23 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\DATEV [2011.10.20 11:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\DJJava [2012.03.30 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Dropbox [2011.11.20 16:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\elsterformular [2010.11.03 23:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\eXPert PDF Editor [2012.06.12 11:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\FileZilla [2006.11.20 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\InterTrust [2008.01.31 17:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Juniper Networks [2006.09.26 12:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Leadertech [2012.03.08 15:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MediaMonkey [2011.12.27 22:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MyPhoneExplorer [2011.11.28 11:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MySQL [2011.12.02 01:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia [2007.09.17 08:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia Multimedia Player [2011.12.02 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia Suite [2011.12.01 12:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Notepad++ [2007.12.03 11:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\OfficeUpdate12 [2011.11.29 19:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Opera [2012.07.16 12:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Oracle [2011.09.27 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\PC Suite [2012.07.20 15:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\pdfforge [2011.12.13 08:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Samsung [2008.08.11 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\streamripper [2011.09.22 14:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Subversion [2009.11.11 12:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\TextPad [2011.06.07 16:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Toolbar4 [2012.05.24 13:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Video DVD Maker FREE [2010.06.23 10:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Windows Desktop Search [2009.06.08 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Windows Search [2012.05.24 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\XMedia Recode ========== Purity Check ========== < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 26.07.2012 11:47:17 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\sim\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 76,27% Memory free 5,72 Gb Paging File | 4,98 Gb Available in Paging File | 87,16% Paging File free Paging file location(s): F:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 122,09 Gb Total Space | 32,31 Gb Free Space | 26,46% Space Free | Partition Type: NTFS Drive D: | 343,67 Gb Total Space | 299,41 Gb Free Space | 87,12% Space Free | Partition Type: NTFS Drive F: | 74,53 Gb Total Space | 1,05 Gb Free Space | 1,41% Space Free | Partition Type: NTFS Drive H: | 8,19 Gb Total Space | 0,98 Gb Free Space | 11,94% Space Free | Partition Type: NTFS Drive J: | 3726,03 Gb Total Space | 3490,16 Gb Free Space | 93,67% Space Free | Partition Type: NTFS Drive L: | 1,99 Gb Total Space | 1,00 Gb Free Space | 50,15% Space Free | Partition Type: NTFS Drive P: | 14,19 Gb Total Space | 7,70 Gb Free Space | 54,29% Space Free | Partition Type: NTFS Drive Q: | 9,99 Gb Total Space | 9,99 Gb Free Space | 100,00% Space Free | Partition Type: NTFS Drive R: | 9,99 Gb Total Space | 1,28 Gb Free Space | 12,81% Space Free | Partition Type: NTFS Drive S: | 9,99 Gb Total Space | 1,81 Gb Free Space | 18,13% Space Free | Partition Type: NTFS Drive X: | 14,19 Gb Total Space | 12,55 Gb Free Space | 88,47% Space Free | Partition Type: NTFS Drive Y: | 4,19 Gb Total Space | 4,06 Gb Free Space | 96,79% Space Free | Partition Type: NTFS Computer Name: SIMPC2 | User Name: sim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG) "D:\DATEV\PROGRAMM\Install\Uninstal.exe" = D:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI "D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG) "D:\DATEV\PROGRAMM\Install\Uninstal.exe" = D:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Documents and Settings\sim\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sim\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}" = DATEV Sicherheitspaket - compact "{1444B16A-766B-4AD1-8AE8-F0C04C782E2F}" = MySQL Query Browser 1.1 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80 "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006 "{222AE20C-7693-4899-91A9-044597BF95EC}" = MSN Missile Launcher V1.0 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{38766225-85FA-469B-A373-82BF1923A7E4}" = MySQL Workbench 5.2 CE "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4509D9E5-57F8-45B0-9091-4676D709FD7A}" = Microsoft SQL Server Native Client "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F702A4B-D39C-44E6-95A2-A6C9179303DB}" = WD Drive Manager (x86) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite "{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A51A91-E7D3-11DB-A386-005056C00008}" = Canyon USB2.0 PC Camera "{743dcba6-4391-450d-b3ca-92d4bc3a5e2e}" = Nero 9 Essentials "{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76C4DAB3-F63A-498F-8645-1E8D6B3EC543}" = Lexware info service aktualisierung 2006 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800 "{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8A2DA523-38FD-49DA-88E9-6BCDD7CCE9CF}" = MySQL Administrator 1.1 "{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc "{8C17851D-8495-4827-8E9A-52722E2EEE7B}" = Lexware Dao 350 Dao 360 "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAE0048D-02E0-42E2-AED8-996995ADE4D4}" = MySQL Server 5.0 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{b86754dd-2ddb-4ac0-9015-cb487277254e}" = InCD Help "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 4.00 "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.0.0 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006 "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan "3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen) "Android SDK Tools" = Android SDK Tools "Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DATEVB00000482.0" = DATEV Installation V.2.6 "ElsterFormular 11.3.0.4235" = ElsterFormular "ENTERPRISER" = Microsoft Office Enterprise 2007 "FileZilla" = FileZilla (remove only) "FileZilla Client" = FileZilla Client 3.5.3 "GanttProject" = GanttProject "GIMP-2_is1" = GIMP 2.8.0 "GPL Ghostscript 9.02" = GPL Ghostscript "GSview 4.9" = GSview 4.9 "HP Photo & Imaging" = HP Image Zone 4.7 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IntelliJ IDEA 11.0" = IntelliJ IDEA 11.0 "IntelliJ IDEA 9.0.2" = IntelliJ IDEA 9.0.2 "IrfanView" = IrfanView (remove only) "khb_bh" = Lexware know how buchhaltung "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MediaMonkey_is1" = MediaMonkey 4.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Suite" = Nokia Suite "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.52.1100" = Opera 11.52 "Paint Shop Pro 4.12 Shareware" = Paint Shop Pro 4.12 Shareware "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "VLC media player" = VLC media player 1.1.11 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in "Adobe Connect Add-in" = Adobe Connect Add-in "Dropbox" = Dropbox "Juniper Secure Meeting 5.5.0" = Juniper Networks Secure Meeting 5.5.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.07.2012 04:31:41 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\TOMCAT 6.0\WEBAPPS\ZAPHOD\.SVN\ENTRIES> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 04.07.2012 01:33:02 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\NOTIFICATIONS.XML~> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 04.07.2012 01:33:02 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\OTHER.XML~> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 04.07.2012 01:33:09 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\FEATURE.USAGE.STATISTICS.XML> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 04.07.2012 01:33:09 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\FEATURE.USAGE.STATISTICS.XML> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 16.07.2012 10:16:22 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\RECENT\RECHNUNGEN (2).LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 16.07.2012 10:16:22 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\RECENT\RECHNUNGEN (2).LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 18.07.2012 02:39:22 | Computer Name = SIMPC2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 18.07.2012 03:06:41 | Computer Name = SIMPC2 | Source = Application Error | ID = 1004 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 24.07.2012 06:39:29 | Computer Name = SIMPC2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. [ OSession Events ] Error - 01.12.2009 09:34:07 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 651 seconds with 60 seconds of active time. This session ended with a crash. Error - 03.12.2009 03:23:51 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88324 seconds with 4260 seconds of active time. This session ended with a crash. Error - 26.04.2010 07:07:51 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9571 seconds with 1920 seconds of active time. This session ended with a crash. Error - 03.06.2010 06:08:38 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102404 seconds with 3180 seconds of active time. This session ended with a crash. Error - 04.06.2010 02:23:59 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71823 seconds with 1800 seconds of active time. This session ended with a crash. Error - 19.07.2010 01:51:21 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 260269 seconds with 720 seconds of active time. This session ended with a crash. Error - 26.09.2010 07:20:39 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.10.2010 03:49:42 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 235802 seconds with 1380 seconds of active time. This session ended with a crash. Error - 01.11.2011 09:46:12 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22011 seconds with 2160 seconds of active time. This session ended with a crash. Error - 07.02.2012 11:09:43 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28679 seconds with 960 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.07.2012 06:12:52 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 25.07.2012 07:12:58 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 25.07.2012 08:13:10 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 25.07.2012 09:16:18 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 25.07.2012 10:16:24 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 25.07.2012 11:16:37 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 26.07.2012 04:11:44 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 26.07.2012 04:16:26 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 26.07.2012 04:20:59 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 26.07.2012 05:42:47 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Ich hoffe mal auf eine schnelle Antwort, da ich ja nach Anweisung nix machen soll an meinem System. Aber wer muss schon nix machen an seinem System...? |
30.07.2012, 07:43 | #2 |
| MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Leider hat bis jetzt niemand geantwortet. Vielleicht weil ich das gmer-log noch nicht geschickt habe? Anscheinend ist die Datei zu groß, um sie hier zu posten. Also, wenn sie jemand braucht, kann ich sie ja zuschicken oder sowas.
__________________Außerdem habe ich einen Full Scan mit Malwarebytes gemacht: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 sim :: SIMPC2 [Administrator] Schutz: Aktiviert 27.07.2012 17:37:16 mbam-log-2012-07-27 (23-30-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410039 Laufzeit: 2 Stunde(n), 11 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 c:\program files\comodo\comodo internet security\quarantine\cfff7f3a-d15b-47e3-b8c3-86df61d76b7b.data (Trojan.Agent) -> Keine Aktion durchgeführt. (Ende) |
31.07.2012, 07:38 | #3 |
| MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Das Gmer-File vielleicht gezippt...?
__________________ |
31.07.2012, 07:52 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Ist das rein zufällig ein Büro-PC?
__________________ Logfiles bitte immer in CODE-Tags posten |
31.07.2012, 07:59 | #5 |
| MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Ich hatte mal eine Firma, ja. Und die ganzen verbundenen Laufwerke und so, die da noch aufscheinen, nutze ich noch, solange es funktioniert. Aber das geht ja langsam zu Ende, wie man sieht. Hab ich jetzt verloren? Ich weiss nicht, wie ich mit dem Problem umgehen soll :-( |
31.07.2012, 08:55 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Firmenrechner werden hier eigentlich nicht bereinigt Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ --> MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) |
31.07.2012, 09:06 | #7 |
| MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Na ok. Wenn ich es recht verstehe, ist da nichts zu retten. Eine IT-Abteilung habe ich auch nicht :-( Formatieren und Neuaufsetzen dann also... Trotzdem vielen Dank. |
31.07.2012, 09:28 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) Vergiss die Ausnahme nicht Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) |
.dll, 7-zip, abstürze, adobe, adware.agent, bho, bluescreen, easybox, entfernen, error, excel, expert pdf, explorer, firefox, flash player, fontcache, format, ftp, helper, installation, internet browser, logfile, ntdll.dll, office 2007, plug-in, problem, realtek, registry, rundll, searchscopes, security, server, spyware.banker.gen, staropen, system, temp, udp, windows, windows internet |