| |
| |||||||
Log-Analyse und Auswertung: Ihr Computer wurde gesperrt Entsperren SIe mit Ukash PolizeiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.07.2012, 13:52
| #1 |
 |  Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo! Virus Beschreibung: POP UP Fenster mit einer Meldung Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei STG Alt ENtf funktioniert etc nicht mehr. DH Nootebook wurde heruntergefahren Start im gesicherten Modus war nicht möglich Zweiten Rechner organisisert für Internetsuche ..... Kaspersky Clean heruntergeladen Der Medion Akoya Rechner wurde dann mit F2 über den USK Stick (=0.00) wo Kaspersky rescue gespeichert war gestartet. Keine Internet Zugang möglich weder über Kabel nochüber Wirless - Mit kaspersky gescannt. und die empfohlenen Schritte durchgeführt. NEustart Abgesciherter Modus war nun möglich Anti Malware gestartet: Hier der Report: ------------------------------------------------- Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.03.05 Windows 7 Service Pack 1 x64 FAT32 (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 Christian :: CHRISTIAN-PC [Administrator] Schutz: Deaktiviert 26.07.2012 13:14:26 mbam-log-2012-07-26 (13-20-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221868 Laufzeit: 4 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Christian\0.6675936184379004.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt. (Ende) ----------------------------------------------- Infiszierte Datei gelöscht. Ein Neustart hat dann das Problem nicht behoben. Bitte um Hilfe zur weiteren Vorgangsweise Was muß nun gemacht werden Nachtrag hier der Report vom Kaspersky: Untersuchung von Objekten: wurde abgeschlossen vor 22 Stunden (Ereignis: 214, Objekte: 5106463, Zeit: 06:43:22) 25.07.12 10:13 Aufgabe wurde gestartet 25.07.12 10:29 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 10:29 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 10:31 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 10:31 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 10:33 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 10:33 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 10:40 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 10:40 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 10:42 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 10:42 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 10:44 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 10:44 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.nd /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class 25.07.12 10:45 Gefunden: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 25.07.12 10:45 Gefunden: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 25.07.12 10:45 Nicht desinfizierte Objekte: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 Zurückgestellt 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nd /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class Zurückgestellt 25.07.12 10:45 Nicht desinfizierte Objekte: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.nh /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nh /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class Zurückgestellt 25.07.12 10:45 Gefunden: HEUR:Trojan.Win32.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/46/18ebb12e-28be960e 25.07.12 10:45 Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/46/18ebb12e-28be960e Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class Zurückgestellt 25.07.12 10:45 Gefunden: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class 25.07.12 10:45 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class Zurückgestellt 25.07.12 11:06 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 11:06 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 11:36 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Downloads/Eigene Dateien/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 11:36 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Downloads/Eigene Dateien/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 12:00 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 12:00 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 12:11 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 12:11 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 12:13 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 12:13 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 12:15 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 12:15 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 12:22 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 12:22 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 12:24 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 12:24 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 12:25 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 12:25 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 13:34 Gefunden: HEUR:Exploit.Script.Generic sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 13:34 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 13:37 Gefunden: Trojan-Downloader.JS.Twetti.q sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 13:37 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 13:38 Gefunden: HEUR:Exploit.Script.Generic sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 13:38 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic sda2/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 13:45 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 13:45 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 13:47 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 13:47 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 13:49 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 13:49 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.nd sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nd sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.nh sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nh sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class Zurückgestellt 25.07.12 13:50 Gefunden: Trojan.Win32.Inject.dibk sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 25.07.12 13:50 Nicht desinfizierte Objekte: Trojan.Win32.Inject.dibk sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 Zurückgestellt 25.07.12 13:50 Gefunden: Trojan.Win32.Inject.dibk sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 25.07.12 13:50 Nicht desinfizierte Objekte: Trojan.Win32.Inject.dibk sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class Zurückgestellt 25.07.12 13:50 Gefunden: HEUR:Trojan.Win32.Generic sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/46/18ebb12e-28be960e 25.07.12 13:50 Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/46/18ebb12e-28be960e Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class Zurückgestellt 25.07.12 13:50 Gefunden: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class 25.07.12 13:50 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class Zurückgestellt 25.07.12 14:13 Verarbeitungsfehler sda2/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 14:13 Verarbeitungsfehler sda2/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 15:01 Verarbeitungsfehler sda2/Users/Christian/Downloads/Eigene Dateien/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 15:01 Verarbeitungsfehler sda2/Users/Christian/Downloads/Eigene Dateien/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 15:26 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip/SB Daten Flah/SMB.DAT Lesefehler 25.07.12 15:26 Verarbeitungsfehler /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/Documents/ennovatis 2010/ennovatis Unterlagen sonstig/Projekte Dokumentationen/Almersberg/SB Daten Flah.zip Lesefehler 25.07.12 15:37 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 15:37 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 15:39 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 15:39 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 15:41 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 15:41 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 15:48 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 15:48 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm Zurückgestellt 25.07.12 15:50 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 15:50 Nicht desinfizierte Objekte: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js Zurückgestellt 25.07.12 15:51 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 15:51 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm Zurückgestellt 25.07.12 16:15 Verarbeitungsfehler sda5/TOOLS/Medion FastBoot/Source Code/E7218_SourceCode.tar.gz/E7218_SourceCode.tar/m71_src/gcc-4.5_4.5.1.orig.tar.gz/gcc-4.5_4.5.1.orig.tar/gcc-4.5-4.5.1.orig/gcc-4.5.1.tar.xz/gcc-4.5.1.tar Lesefehler 25.07.12 16:15 Verarbeitungsfehler sda5/TOOLS/Medion FastBoot/Source Code/E7218_SourceCode.tar.gz/E7218_SourceCode.tar/m71_src/gcc-4.5_4.5.1.orig.tar.gz/gcc-4.5_4.5.1.orig.tar/gcc-4.5-4.5.1.orig/gcc-4.5.1.tar.xz Lesefehler 25.07.12 16:26 Verarbeitungsfehler sda5/TOOLS/Medion FastBoot/Source Code/E7218_SourceCode.tar.gz/E7218_SourceCode.tar/m71_src/qt4-x11_4.7.0.orig.tar.gz Lesefehler 25.07.12 16:49 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/1MYQ6PPT/index[1].htm 25.07.12 16:54 Gefunden: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 16:55 Gelöscht: Trojan-Downloader.JS.Twetti.q /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/B13VP2BD/rollover[1].js 25.07.12 16:55 Gefunden: HEUR:Exploit.Script.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/WCFLS8J8/index[1].htm 25.07.12 16:55 Gefunden: Exploit.Java.CVE-2011-3544.nd /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class 25.07.12 16:55 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nd /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class Eintrag wird nicht unterstützt 25.07.12 16:55 Gefunden: Exploit.Java.CVE-2011-3544.nh /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nh /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 25.07.12 16:56 Gelöscht: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/18/6c1a5912-5298b3e4 25.07.12 16:56 Gefunden: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 25.07.12 16:56 Gelöscht: Trojan.Win32.Inject.dibk /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/19/6178c813-2740a119 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: HEUR:Trojan.Win32.Generic /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/46/18ebb12e-28be960e 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md /mnt/MountedDevices/PD-2BD2C32A-0000000006600000/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.nd sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nd sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/a.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.nh sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.nh sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/765e84d1-6b055ed6/a/Ner.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/ud.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.na sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/21/28d0e915-591f2b63/uc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.lt sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/3/1b8d8383-782d5c8a/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/410732ab-44920baa/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Help.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mb sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/69ecc4b1-22e581c2/a/Test.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_a.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/Inc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/54/367e8f6-1aeb1643/s_b.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.mc sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_a.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.ma sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/Inc.class Eintrag wird nicht unterstützt 25.07.12 16:56 Gefunden: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class 25.07.12 16:56 Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.md sda2/Users/Christian/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/6d0a74c9-6bf6997b/s_b.class Eintrag wird nicht unterstützt 25.07.12 16:56 Aufgabe wurde abgeschlossen Untersuchung von Objekten: wurde abgeschlossen vor 3 Minuten (Ereignis: 2, Objekte: 7, Zeit: 00:00:35) 26.07.12 15:32 Aufgabe wurde gestartet 26.07.12 15:33 Aufgabe wurde abgeschlossen Geändert von Christi007 (26.07.2012 um 14:39 Uhr) |
|
26.07.2012, 15:27
| #2 |
| /// Helfer-Team  | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
26.07.2012, 20:26
| #3 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo T `john !
__________________Herzlihcen Dank für Deine Unterstützung ist gut gelungen!!!!!!! Jedoch Avira findet nun plötzlich doch noch einen Virus: TR/Strictor.5308.2 obwohl ich Antimalware nit vollständigen scan laufen habe lassen Abgesicherter Modus konnte auf dem Akoya nicht gestertet werden Normalmodus funktioniert jetzt und von dem aus habe ich nun den Scan gestartet. Hier der report: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.26.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 26.07.2012 18:10:17 mbam-log-2012-07-26 (18-10-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 507619 Laufzeit: 1 Stunde(n), 41 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Hier der Report von Avira: Avira AntiVir Premium Erstellungsdatum der Reportdatei: Donnerstag, 26. Juli 2012 20:50 Es wird nach 3995044 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Bhuma Thakar Seriennummer : 2217701426-PEPWE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : CHRISTIAN-PC Versionsinformationen: BUILD.DAT : 10.2.0.735 36344 Bytes 25.01.2012 12:44:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 24.10.2011 19:36:00 AVSCAN.DLL : 10.0.5.0 57192 Bytes 24.10.2011 19:36:00 LUKE.DLL : 10.3.0.5 45416 Bytes 24.10.2011 19:36:01 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:57:42 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 24.10.2011 19:36:01 AVREG.DLL : 10.3.0.9 88833 Bytes 24.10.2011 19:36:01 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:36:20 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:54:10 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:19:47 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:09:52 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 12:36:34 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 12:36:34 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 12:36:34 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 12:36:34 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 12:36:34 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 12:36:34 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 12:36:34 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 12:36:34 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 12:36:34 VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 20:23:33 VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 04:58:15 VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 14:56:17 VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 16:30:22 VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 17:13:31 VBASE019.VDF : 7.11.36.45 118784 Bytes 13.07.2012 19:29:11 VBASE020.VDF : 7.11.36.107 123904 Bytes 16.07.2012 19:29:21 VBASE021.VDF : 7.11.36.147 238592 Bytes 17.07.2012 07:33:53 VBASE022.VDF : 7.11.36.209 135168 Bytes 19.07.2012 06:28:34 VBASE023.VDF : 7.11.37.19 116224 Bytes 21.07.2012 10:28:44 VBASE024.VDF : 7.11.37.79 149504 Bytes 23.07.2012 18:28:45 VBASE025.VDF : 7.11.37.137 992256 Bytes 25.07.2012 12:25:30 VBASE026.VDF : 7.11.37.138 2048 Bytes 25.07.2012 12:25:30 VBASE027.VDF : 7.11.37.139 2048 Bytes 25.07.2012 12:25:30 VBASE028.VDF : 7.11.37.140 2048 Bytes 25.07.2012 12:25:30 VBASE029.VDF : 7.11.37.141 2048 Bytes 25.07.2012 12:25:30 VBASE030.VDF : 7.11.37.142 2048 Bytes 25.07.2012 12:25:30 VBASE031.VDF : 7.11.37.186 115200 Bytes 26.07.2012 18:05:14 Engineversion : 8.2.10.118 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 18:11:45 AESCRIPT.DLL : 8.1.4.34 455035 Bytes 20.07.2012 06:28:56 AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 02:15:57 AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 18:05:36 AERDL.DLL : 8.1.9.15 639348 Bytes 24.10.2011 13:37:21 AEPACK.DLL : 8.3.0.16 807287 Bytes 20.07.2012 06:28:55 AEOFFICE.DLL : 8.1.2.42 201083 Bytes 20.07.2012 06:28:52 AEHEUR.DLL : 8.1.4.76 5063031 Bytes 20.07.2012 06:28:51 AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 19:11:29 AEGEN.DLL : 8.1.5.34 434548 Bytes 20.07.2012 06:28:36 AEEXP.DLL : 8.1.0.68 86389 Bytes 20.07.2012 06:28:56 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 18:11:43 AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 18:11:42 AEBB.DLL : 8.1.1.0 53618 Bytes 24.10.2011 13:37:13 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:56:59 AVPREF.DLL : 10.0.3.2 44904 Bytes 24.10.2011 19:36:00 AVREP.DLL : 10.0.0.10 174120 Bytes 24.10.2011 19:36:01 AVARKT.DLL : 10.0.26.1 255336 Bytes 24.10.2011 19:36:00 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 24.10.2011 19:36:00 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:00:40 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:39:11 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:41:51 RCIMAGE.DLL : 10.0.0.33 2633064 Bytes 24.10.2011 19:36:00 RCTEXT.DLL : 10.0.63.0 98664 Bytes 24.10.2011 19:36:00 Konfiguration für den aktuellen Suchlauf: Job Name..............................: avguard_async_scan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50380ace\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Donnerstag, 26. Juli 2012 20:50 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'OUTLOOK.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ScriptHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleToolbarUser_32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WisLMSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vprot.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchSettings.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVD10Serv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'htcUPCTLoader.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BTPlayerCtrl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TrueImageMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBVolumeWatcher.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WButton.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'OSD.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HotkeyApp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mediasrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'schedhlp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'obexsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'x10nets.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ToolbarUpdater.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'syncagentsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PassThruSvr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMSServer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMSMonitorService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'devmonsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'afcdpsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\ProgramData\aasejdjs.exe' C:\ProgramData\aasejdjs.exe [FUND] Ist das Trojanische Pferd TR/Strictor.5308.2 Beginne mit der Desinfektion: C:\ProgramData\aasejdjs.exe [FUND] Ist das Trojanische Pferd TR/Strictor.5308.2 [HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2969239515-1227486321-2583158247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aasejdjslpxhgts> wurde erfolgreich repariert. [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '563c362b.qua' verschoben! Ende des Suchlaufs: Donnerstag, 26. Juli 2012 20:51 Benötigte Zeit: 00:01 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 62 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 61 Dateien ohne Befall 4 Archive wurden durchsucht 0 Warnungen 1 Hinweise Die Suchergebnisse werden an den Guard übermittelt. OTL Ergebnisss:OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/26/2012 9:04:38 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.72% Memory free 7.82 Gb Paging File | 5.14 Gb Available in Paging File | 65.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 657.54 Gb Total Space | 402.40 Gb Free Space | 61.20% Space Free | Partition Type: NTFS Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Drive F: | 7.64 Gb Total Space | 1.71 Gb Free Space | 22.41% Space Free | Partition Type: FAT32 Drive G: | 1.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe () MOD - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\PROGRA~2\MICROS~2\Office12\OUTLCTL.DLL () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (UDisk Monitor) -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe () SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxbf_device) -- C:\Windows\SysNative\lxbfcoms.exe ( ) SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxbf_device) -- C:\Windows\SysWOW64\lxbfcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (vidsflt58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ztemtusbser) -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (mod7764) -- C:\Windows\SysNative\drivers\mod77-64.sys (DiBcom SA) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={0EDFDA55-A3F9-4259-B12F-2301D6F3FEB4}&mid=723dca03fe5647d0bb5ad16f6b220a28-9c2f631c3fefb7d2bfec8f92e6cc4f0b0b3726fd&lang=de&ds=od011&pr=sa&d=2012-07-07 17:56:14&v=11.1.0.12&sap=hp IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{158CC14D-3A32-4440-A40A-56E6915D7356}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0EDFDA55-A3F9-4259-B12F-2301D6F3FEB4}&mid=723dca03fe5647d0bb5ad16f6b220a28-9c2f631c3fefb7d2bfec8f92e6cc4f0b0b3726fd&lang=de&ds=od011&pr=sa&d=2012-07-07 17:56:14&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{D1C517F5-93D0-4A5C-B4ED-AECD4FC37CE1}: "URL" = hxxp://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "resource://webapp/openvpn.html" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 14:12:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/07 17:56:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 14:12:52 | 000,000,000 | ---D | M] [2011/07/25 12:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2011/07/25 12:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\net.openvpn.client ========== Chrome ========== CHR - Extension: No name found = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: No name found = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: No name found = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C49547E-4A79-4BDE-8913-AB8F16FFCACA}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86DD59FC-FF24-4A07-9C3E-C46AC9E7255C}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/25 11:49:44 | 000,000,246 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008/09/23 15:07:48 | 000,000,091 | R--- | M] () - G:\autorun.sh -- [ CDFS ] O33 - MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SetupMenue.exe -- [2008/09/24 09:16:56 | 000,155,648 | R--- | M] () O33 - MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\Shell - "" = AutoRun O33 - MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\Shell\AutoRun\command - "" = F:\Setup.exe /Auto O33 - MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun O33 - MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun O33 - MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun O33 - MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\Shell - "" = AutoRun O33 - MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/26 20:59:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012/07/26 12:03:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012/07/26 12:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/26 12:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/26 12:03:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/26 12:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/25 12:10:03 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012/07/25 10:05:38 | 000,000,000 | ---D | C] -- C:\InstantOnOS [2012/07/24 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\vnmiruralkmgnpr [2012/07/12 03:02:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/12 03:02:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 03:02:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 03:02:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 03:02:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 03:02:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 03:02:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 03:02:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 03:02:52 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 03:02:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 03:02:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 03:02:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/12 03:02:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/10 20:25:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/10 20:25:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/10 20:24:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/10 20:24:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/10 20:24:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/07 17:56:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\AVG Secure Search [2012/07/07 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/07/07 17:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/07/07 17:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/07/07 17:55:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/07/07 17:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/07/07 17:50:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\pdfforge [2012/07/07 17:50:11 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012/07/07 17:50:11 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012/07/07 17:50:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012/07/07 17:50:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012/07/07 17:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/07/07 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2012/07/06 07:19:49 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/07/05 07:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012/07/05 07:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012/06/30 12:17:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{F050DC9A-FA82-4707-9472-60FA4806077B} [2012/06/30 12:17:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{14FDA549-78AB-4357-9516-6CD2BF50C23D} [2011/07/25 12:32:52 | 024,595,456 | ---- | C] (Jive Software) -- C:\Users\Christian\spark_2_6_3_online.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/26 20:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/26 20:43:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/26 18:44:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012/07/26 18:15:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/26 18:15:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/26 18:05:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/26 18:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/26 18:04:43 | 3148,091,392 | -HS- | M] () -- C:\hiberfil.sys [2012/07/26 12:56:31 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/25 18:05:41 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/25 18:05:41 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/25 18:05:41 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/25 18:05:41 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/25 18:05:41 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/24 21:26:25 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat [2012/07/24 20:40:55 | 000,000,274 | ---- | M] () -- C:\Windows\Brownie.ini [2012/07/24 20:36:27 | 000,000,051 | ---- | M] () -- C:\ProgramData\cfedkzpfdxvhmmz [2012/07/20 15:47:39 | 000,003,760 | ---- | M] () -- C:\Users\Christian\Documents\Eigene Dokumente - Verknüpfung.lnk [2012/07/12 03:28:55 | 000,519,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/11 20:39:43 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/07/07 17:50:20 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012/07/07 17:50:20 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/07/07 10:22:10 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012/07/05 13:02:30 | 000,095,744 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/26 12:03:26 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/24 21:26:25 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat [2012/07/24 20:36:24 | 000,000,051 | ---- | C] () -- C:\ProgramData\cfedkzpfdxvhmmz [2012/07/20 15:47:39 | 000,003,760 | ---- | C] () -- C:\Users\Christian\Documents\Eigene Dokumente - Verknüpfung.lnk [2012/07/07 17:50:20 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012/07/07 17:50:20 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/07/07 10:22:10 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012/06/15 07:45:35 | 000,698,030 | ---- | C] () -- C:\Windows\unins000.exe [2012/06/15 07:45:35 | 000,010,215 | ---- | C] () -- C:\Windows\unins000.dat [2012/03/24 21:20:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll [2012/03/24 21:20:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll [2012/03/24 21:20:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll [2012/03/24 21:20:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll [2012/03/24 21:20:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll [2012/03/24 21:20:54 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll [2012/03/24 21:20:54 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll [2012/03/24 21:20:54 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll [2012/03/24 21:20:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe [2012/03/24 21:20:54 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll [2012/03/24 21:20:54 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe [2012/03/24 21:20:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll [2012/03/24 21:20:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll [2012/03/24 21:20:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll [2012/03/24 21:20:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe [2012/03/24 21:20:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll [2012/03/24 21:20:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe [2012/03/16 09:48:53 | 000,000,221 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\urhtps.dat [2012/02/07 12:00:18 | 000,007,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/21 02:11:06 | 000,004,096 | -H-- | C] () -- C:\Users\Christian\AppData\Local\keyfile3.drm [2011/08/10 21:52:41 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/26 13:30:35 | 000,007,613 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg [2011/07/25 14:09:20 | 000,217,787 | ---- | C] () -- C:\Windows\hpoins46.dat [2011/07/25 14:09:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat [2011/07/25 12:46:43 | 000,000,307 | ---- | C] () -- C:\Users\Christian\Netzlaufwerke_Z.bat [2011/07/25 12:35:27 | 001,035,926 | ---- | C] () -- C:\Users\Christian\MozBackup-1.5.1-EN.exe [2011/07/25 12:31:18 | 016,294,402 | ---- | C] () -- C:\Users\Christian\openvpn-client_c.wysoudil.msi [2011/07/25 12:30:46 | 003,833,928 | ---- | C] ( ) -- C:\Users\Christian\Setup_sPlan60.exe [2011/07/25 11:33:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/07/25 11:32:54 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011/07/25 11:32:53 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2011/07/25 11:32:53 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011/07/25 11:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2011/07/25 11:32:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2011/07/25 11:31:34 | 000,000,274 | ---- | C] () -- C:\Windows\Brownie.ini [2011/04/24 13:57:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2011/04/24 13:57:24 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2011/04/24 13:35:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/04/24 13:35:40 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/04/24 13:35:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2011/12/08 03:06:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acronis [2012/04/11 23:37:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ashampoo [2011/08/08 13:52:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Blackberry Desktop [2011/08/24 08:27:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ennovatis [2011/07/29 08:56:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HEROLD Business Data [2012/02/09 08:54:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HTC [2011/09/10 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/03/14 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kock [2012/07/07 17:50:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011/07/25 12:48:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenVPN Technologies [2012/07/18 21:59:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Outlook [2012/07/08 08:27:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011/08/08 11:19:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Research In Motion [2011/07/25 12:54:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spark [2011/07/25 12:28:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TeamViewer [2012/04/13 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UAs [2012/06/25 16:47:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WebApp [2012/04/25 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\xmldm [2011/12/19 06:51:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ZTEEVDO [2012/04/13 13:32:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 7/26/2012 9:04:38 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.72% Memory free
7.82 Gb Paging File | 5.14 Gb Available in Paging File | 65.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 402.40 Gb Free Space | 61.20% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive F: | 7.64 Gb Total Space | 1.71 Gb Free Space | 22.41% Space Free | Partition Type: FAT32
Drive G: | 1.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EACBA3-2A91-4680-9A15-E4E12BB438D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{04CED1B8-31F1-4667-AD19-0FE5E1B598CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{0507ADF0-FBB0-4F74-916C-C899B296C931}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{096B5789-657F-48D9-A664-22DE623985F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10054535-D398-4A5E-BA14-9053630FC87C}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B920AFD-6908-46BA-8DDA-0F6E6C94A692}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33558809-8BEA-48B3-ACBC-9DDD237D251E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A472B6B-71F2-4129-B753-9BDB55872907}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4D5E2DBA-F80A-4CDC-AAC7-278A79C24A88}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4E1A2D4E-E4C0-46ED-AFBC-CFFDD31578B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50BFD9F3-2E43-4A8B-B542-F5149A550C3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5696A4EB-72C6-432C-A1C8-527C0F507B44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E3393CE-A3D3-44D9-8EF4-F033B8AEE312}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{60E8C0AE-47CE-4D81-9D32-C9FAA364D689}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{676E7C78-B879-4447-B575-E88D0BCD327C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{724529D5-4DE3-4990-A3F1-D356BE2D9661}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{79AFFBAC-2772-48B2-8118-3468B4AFBF53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94ED0B0B-492F-46D4-837D-FC6A08B3FFE9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{9D3E28C8-C3A0-41D7-9C17-169E614C3DBA}" = lport=445 | protocol=6 | dir=in | app=system |
"{A0EE43BC-474C-48EF-851D-B5CEEAE26328}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA8786A9-15C1-46D1-9DE3-37765E9A738A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ABBEE5D7-A1C0-4FD5-B215-F1AF0492B14C}" = lport=137 | protocol=17 | dir=in | app=system |
"{B40C9C55-0F4C-42B6-90A2-5BA265150C33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB06824B-8590-47C9-A611-EB5228BEB9C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB55107D-B14F-4CA8-AC5F-DE95D183AAFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0A21937-58D8-4B41-8912-B1FCE17469BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C406E7CF-C346-414B-A92C-D866BFC411E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C70B38F3-0D92-401D-AE84-4640A32FFFB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7FD3895-3DFD-45DA-8DB7-43D25B0EC351}" = rport=138 | protocol=17 | dir=out | app=system |
"{C96A709E-AE2D-4A4D-9537-72E622A10475}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD663F00-B4A2-4D08-BC53-410D346A3293}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC156BB0-42D9-45E6-B97B-E5B8A86489F0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EFF69FC1-2EFE-4205-8400-F8D465F9E580}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3DA1CF1-3093-45A4-B80B-74ECC4102D28}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F6EAB7B0-714C-4E51-8416-1D8DDC3020E6}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C74E09-B6AA-4D56-B16F-3BB6ABF4B831}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{02754B93-93BE-4158-A7AF-052DD74C9FC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{08E857A4-191E-4B83-A73E-E76D46F4DBAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B49E36E-1D62-43A3-A9BA-749103461F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D5DD590-76E3-48AA-84E3-8B3DB36F3891}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{10F38E9D-FD4E-4A10-BB0A-9882C7F17904}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1188EB1A-F5A5-4E24-BDE2-2476B5DA55D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1545ABFF-4337-470A-96CD-116A7DFFC37C}" = protocol=6 | dir=out | app=system |
"{15D1E11A-53CF-420A-8E59-5193AC94630A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{188B5056-BA52-4C19-9A9B-38EB78DB9673}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{18D62171-1F78-45D0-BF7F-E8F9F114B11C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1ACF0E2B-664E-44D3-861F-EC5E9C2C0181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DF7D9DD-0DA3-4E5A-9438-26331745FEC3}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{24EEF2AE-B329-4572-ACF6-5E8DB55CCD02}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{2683C635-6616-4AF3-8BA2-6657D0EECE95}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29FB7E7A-ACEF-4B08-B09C-D1C17361ADCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3073CBFD-9025-4DD6-AC5D-979200F3622B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36A75213-8A18-4A6E-A4F1-E3237AAC34EB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{37825C1F-70FA-4345-8FC9-11CF8516BC3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{378277F6-6168-41E8-B9FC-6DE2E9DFB2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3966CACA-9BFD-45A4-912A-5AB1CB3BC6E0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{46D08AD9-68FC-446D-9DB9-8EB152EE06E3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4B39CBBB-520C-424E-A4DD-A435BCCB5FB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4B434886-36B0-4F4D-A3AC-48302F64B55C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57DE1E6F-B5D3-4ACC-853D-B389DE5B0B61}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{59D88A69-B0F1-4AC5-8D5E-2994A2FF72D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{602E3B31-FF97-4E91-B923-225BD80A9A69}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{623EFBE9-CE0A-4559-A541-2583348763DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{6636EC24-F25B-43ED-9C86-519D3B4CE8C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{665AC423-C44C-41BD-9AE8-3A57F2D76959}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68A9A1CF-D554-4AB9-82EF-C1EDE5A2D7CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6AEF70CD-73F3-4A88-B441-32934B294376}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{705B8011-FDF4-4C18-8981-D6B64C611511}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7847F9B9-BD7A-4356-A871-E6555786EAB9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{7B5C53A3-5A1B-424E-A0D4-23C82B16A1EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C3349F3-2021-46CE-927E-56817FBFD1F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{89F9BB41-5C0F-4415-B3E6-C5DEE18C29AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8FF0C88E-B9FF-43B1-8883-AAA486309812}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{A140893A-A76E-4C02-BE9F-6ED290FFFF4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AD29401C-64FB-4CA9-8A0C-F2F5CF2B82ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4B6B2A6-37BF-4FD0-A57F-A2B519925302}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B96B9465-65DC-4119-97DA-FC9865F145D6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{BA24BFD9-2DCD-422C-A041-563B6295FF26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD17E341-F105-41E7-B7EA-1BEF6AD37DE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C1252AE5-C884-4D33-B760-9819B7444B77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C22FFA11-EAC9-41E0-9701-4D7B7833B5D0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C508EE2F-B876-43F7-9FE0-4ACA22B0C7EA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{CDFEFD8B-6242-4350-A1E4-5C72D4E251C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1942F0D-5196-4647-8D20-693947C8C559}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{D1ECF852-EE28-498C-8930-F61D789C368E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D2D02EEC-CC20-41B0-BF9F-75398081E645}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{DB53CEB3-46A0-47D9-BB60-73DC662FCBFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCE2AA94-7FC1-4ED2-A514-7482685ED4B9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DD1DC3A7-2713-4E21-BBB1-48630D72EFE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E03F8405-A34B-4030-AA40-8B8F93F16B04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{E16E0924-EB67-4E7F-BE12-0554D928BA36}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe |
"{E17BD08D-52A5-4EEA-BC4D-2E6C1280CF5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{E8179083-5C29-4E88-9EDF-F6C206A005AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe |
"{EABC12DF-1CE1-4635-9099-40C0B052DD27}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{EDB89069-87DC-4DFB-B2EF-FB1EC8BD2F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F1ED1A8B-1510-40F4-BBA2-1D144002D066}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F60F67FC-0DD0-4EC8-8BDF-B819D5D1C7CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F9C00BF4-12BE-4A7E-B77D-C2E79F623036}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{FBEB7301-C6C4-4AD5-B3AC-930E4578B22C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe |
"TCP Query User{E047D074-DB01-4A19-904D-55F03E371870}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{16AF3F59-C18C-4D88-8AE9-72E1C726BA6E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}" = VR-pulse Installer
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Lexmark X6100 Series" = Lexmark X6100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZTEWireless-101_is1" = MBlaze UI
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C91E88D-F89A-4CAC-AE06-6F36C2F2C2DE}" = Brother HL-2030
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76CC7BC1-CEF7-4A1E-84B8-3B9711AC7175}" = ennovatis Controlling
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5509EE-5579-46C1-B566-5065545547F9}" = Media Add-ons für Acronis True Image Home 2012
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}" = Acronis True Image Home 2012
"{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}Visible" = Acronis True Image Home 2012
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Premium
"bob internet" = bob internet
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HEROLD Telefonbuch DVD home + route" = HEROLD Telefonbuch DVD home + route
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.5.1
"OKHV-NT Hausverwaltung_is1" = OKHV-NT Hausverwaltung Version 5.4.0 B
"Spark 2.6.3.12555" = Spark 2.6.3.12555
"sPlan_60_is1" = sPlan 6.0
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/24/2012 2:48:55 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/24/2012 2:55:13 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/24/2012 3:28:23 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/25/2012 1:58:48 AM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/25/2012 12:00:33 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/25/2012 2:19:55 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 6:02:30 AM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 8:22:07 AM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 11:39:55 AM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/26/2012 12:05:13 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 10/11/2011 7:02:37 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/17/2011 2:36:01 PM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54913
seconds with 6600 seconds of active time. This session ended with a crash.
Error - 11/16/2011 12:27:21 PM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2429
seconds with 120 seconds of active time. This session ended with a crash.
Error - 12/2/2011 5:00:40 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4790
seconds with 1800 seconds of active time. This session ended with a crash.
Error - 1/13/2012 10:50:35 PM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/6/2012 4:27:32 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7963
seconds with 420 seconds of active time. This session ended with a crash.
Error - 2/6/2012 4:28:47 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/7/2012 6:01:13 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 13 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/14/2012 3:14:32 PM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24411
seconds with 5160 seconds of active time. This session ended with a crash.
Error - 6/9/2012 10:32:04 AM | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 110894
seconds with 3660 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/29/2012 6:50:07 AM | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 3/29/2012 7:17:44 AM | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 3/29/2012 3:16:22 PM | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 3/31/2012 6:21:50 AM | Computer Name = Christian-PC | Source = ipnathlp | ID = 31004
Description =
Error - 3/31/2012 6:21:55 AM | Computer Name = Christian-PC | Source = ipnathlp | ID = 31004
Description =
Error - 4/1/2012 3:24:57 AM | Computer Name = Christian-PC | Source = ipnathlp | ID = 31004
Description =
Error - 4/1/2012 3:24:57 AM | Computer Name = Christian-PC | Source = ipnathlp | ID = 31004
Description =
Error - 4/1/2012 7:40:48 AM | Computer Name = Christian-PC | Source = ipnathlp | ID = 31004
Description =
Error - 4/2/2012 3:30:12 AM | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 4/2/2012 3:52:00 AM | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
26.07.2012, 22:18
| #4 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :Processes
killallprocesses
:OTL
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (UDisk Monitor) -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe ()
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{158CC14D-3A32-4440-A40A-56E6915D7356}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0EDFDA55-A3F9-4259-B12F-2301D6F3FEB4}&mid=723dca03fe5647d0bb5ad16f6b220a28-9c2f631c3fefb7d2bfec8f92e6cc4f0b0b3726fd&lang=de&ds=od011&pr=sa&d=2012-07-07 17:56:14&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D1C517F5-93D0-4A5C-B4ED-AECD4FC37CE1}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "resource://webapp/openvpn.html"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR - Extension: No name found = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/25 11:49:44 | 000,000,246 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/09/23 15:07:48 | 000,000,091 | R--- | M] () - G:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SetupMenue.exe -- [2008/09/24 09:16:56 | 000,155,648 | R--- | M] ()
O33 - MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\Shell - "" = AutoRun
O33 - MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\Shell\AutoRun\command - "" = F:\Setup.exe /Auto
O33 - MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun
O33 - MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun
O33 - MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\Shell - "" = AutoRun
O33 - MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\Shell - "" = AutoRun
O33 - MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/07/05 07:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/07/05 07:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/07/26 20:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 20:43:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 18:05:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kock
[2012/04/13 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UAs
:Files
C:\ProgramData\Partner\Partner.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
27.07.2012, 13:18
| #5 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Dear T'John! Genz herzlichen Dank für die Mühe - ich habe den Code im OTL eingegeben und bin auf Fixrun gegangen und habe einen NEustart vorgenommen. Ergebniss siehe unten. Ich habe folgende Fragen im Zusammenhang mit der ganzen Virus Problematik: 1) Ihr arbeitet Tag und NAcht - wer gibt Euch Entgelt für diese einzigartige Leistung? 2) Was kann der Grund sein dass Avira Prmium den Virus nicht erkannt hatte - die letzten Updates waren eingespielt. 3) Da es hier um einen Betrugsversuch handelt soll man das bei der Polizei anzeigen? 4) Was ist der Hintergrund dass Viren im Umlauf gebracht werden gibt es da Studien dafür HAst DU ev einen vernünftigen Link dazu? 5) Hast Du Tips wie man die Daten / System am besten sichert ich habe Acronis True Image installiert 6) Gibt es eine Versicherung gegen Virenschäden? wenn ja welche ist hier zu empfehlen? 7) Welchen Webbrowser empfiehlst Du? Derzeit habe ich AVG installiert bin aber nicht so ganz überzeugt davon ....... Danke im Voraus für Deine Unterstützung ohne Dich hätte ich wohl Null Chance gehabt. Hier der finale OTL report bitte um Deinen Feedback, ob dieser gut aussieht: All processes killed Error: Unable to interpret <Code:> in the current context! Error: Unable to interpret <---------> in the current context! ========== PROCESSES ========== ========== OTL ========== Service MyWiFiDHCPDNS stopped successfully! Service MyWiFiDHCPDNS deleted successfully! C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe moved successfully. Service UDisk Monitor stopped successfully! Service UDisk Monitor deleted successfully! C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{158CC14D-3A32-4440-A40A-56E6915D7356}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{158CC14D-3A32-4440-A40A-56E6915D7356}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1C517F5-93D0-4A5C-B4ED-AECD4FC37CE1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1C517F5-93D0-4A5C-B4ED-AECD4FC37CE1}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. C:\ProgramData\Partner\Partner64.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. C:\ProgramData\Partner\Partner.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant deleted successfully. C:\Windows\SysNative\LogiLDA.DLL moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HTC Sync Loader deleted successfully. C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LMgrOSD deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully. C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserChoice deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. G:\autorun.inf scheduled to be moved on reboot. File move failed. G:\autorun.sh scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0311fa65-b5a5-11e0-b34c-806e6f6e6963}\ not found. File E:\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43595d6a-b79f-11e0-84a8-806e6f6e6963}\ not found. File move failed. G:\SetupMenue.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83505920-2719-11e1-9478-00262dc6e3db}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83505920-2719-11e1-9478-00262dc6e3db}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83505920-2719-11e1-9478-00262dc6e3db}\ not found. File F:\Setup.exe /Auto not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad56-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad56-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad56-b79f-11e0-8211-00262dc6e3db}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad5e-b79f-11e0-8211-00262dc6e3db}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad62-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19bad62-b79f-11e0-8211-00262dc6e3db}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a19bad62-b79f-11e0-8211-00262dc6e3db}\ not found. File F:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf43ed03-9dd1-11e1-8df9-00262dc6e3db}\ not found. File F:\AutoRun.exe not found. C:\Program Files (x86)\Application Updater folder moved successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files (x86)\Common Files\Spigot folder moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Users\Christian\AppData\Roaming\kock folder moved successfully. C:\Users\Christian\AppData\Roaming\UAs folder moved successfully. ========== FILES ========== C:\ProgramData\Partner\Partner.exe moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Christian\Desktop\cmd.bat deleted successfully. C:\Users\Christian\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: .wh..wh.orph User: .wh..wh.plnk User: All Users User: Christian ->Temp folder emptied: 2294935445 bytes ->Temporary Internet Files folder emptied: 912097846 bytes ->Java cache emptied: 926293 bytes ->Google Chrome cache emptied: 60751690 bytes ->Flash cache emptied: 113575 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 473762817 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 7810993808 bytes Total Files Cleaned = 11,018.00 mb [EMPTYFLASH] User: .wh..wh.orph User: .wh..wh.plnk User: All Users User: Christian ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYJAVA] User: .wh..wh.orph User: .wh..wh.plnk User: All Users User: Christian ->Java cache emptied: 0 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.54.1 log created on 07272012_133415 Files\Folders moved on Reboot... File move failed. G:\autorun.inf scheduled to be moved on reboot. File move failed. G:\autorun.sh scheduled to be moved on reboot. File move failed. G:\SetupMenue.exe scheduled to be moved on reboot. C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. PendingFileRenameOperations files... [2008/09/25 11:49:44 | 000,000,246 | R--- | M] () G:\autorun.inf : MD5=645D6A1D90C18EDE06922723024A8446 [2008/09/23 15:07:48 | 000,000,091 | R--- | M] () G:\autorun.sh : MD5=347277E0A9B3D3E3773C3431B8F7216A [2008/09/24 09:16:56 | 000,155,648 | R--- | M] () G:\SetupMenue.exe : MD5=57850335407213351B0993A4B1FC6753 File C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! [2012/07/27 13:41:37 | 000,000,081 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5 Registry entries deleted on Reboot... Best Greetings aus dem Wienerwald |
|
27.07.2012, 13:19
| #6 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Sehr gut!  Die Fragen beantworte ich dir spaeter, sobald der Rechner sauber und abgesichert ist. Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei |
|
27.07.2012, 15:53
| #7 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo T'John! Besten Dank der Nachfrage dem Notebook geht es nun wesentlich besser - es sind bisweilen keine weiteren Beschwerden auf der Oberfläche zu sehen. Ich habe ein MAMW Update gemacht und den Scan gestartet aber vergessen Outlook zu SChließen Hier der MAMW Report: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 27.07.2012 15:18:26 mbam-log-2012-07-27 (15-18-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 463198 Laufzeit: 1 Stunde(n), 28 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der zweite Report ist noch nicht fertig kommt dann aber auch bald # AdwCleaner v1.703 - Logfile created 07/27/2012 at 17:00:13 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Christian - CHRISTIAN-PC # Running from : C:\Users\Christian\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** Found : vToolbarUpdater11.2.0 ***** [Files / Folders] ***** Folder Found : C:\Users\Christian\AppData\Local\AVG Secure Search Folder Found : C:\Users\Christian\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\Christian\AppData\LocalLow\pdfforge Folder Found : C:\Users\Christian\AppData\LocalLow\Search Settings Folder Found : C:\Users\Christian\AppData\Roaming\OpenCandy Folder Found : C:\Users\Christian\AppData\Roaming\pdfforge Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [Registry] ***** Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\pdfforge Key Found : HKCU\Software\Search Settings Key Found : HKLM\SOFTWARE\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] [x64] Key Found : HKCU\Software\AVG Secure Search [x64] Key Found : HKCU\Software\IGearSettings [x64] Key Found : HKCU\Software\pdfforge [x64] Key Found : HKCU\Software\Search Settings [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 [x64] Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho [x64] Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 [x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol [x64] Key Found : HKLM\SOFTWARE\Classes\S [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={0EDFDA55-A3F9-4259-B12F-2301D6F3FEB4}&mid=723dca03fe5647d0bb5ad16f6b220a28-9c2f631c3fefb7d2bfec8f92e6cc4f0b0b3726fd&lang=de&ds=od011&pr=sa&d=2012-07-07 17:56:14&v=11.1.0.12&sap=hp -\\ Google Chrome v20.0.1132.57 File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7964 octets] - [27/07/2012 16:56:23] AdwCleaner[R2].txt - [8187 octets] - [27/07/2012 17:00:13] ########## EOF - C:\AdwCleaner[R2].txt - [8315 octets] ########## Ok hier kommt nun beim Schließen die Frage By using only the search mode ADW Cleaner has not removed detected items .... soll ich nun den Deleat Button verwenden - ich dachte da gibt es keine infiszierte Datei mehr. Bitte um Deine Anweisung. Weiters habe ich gesehen dass auf dem Notebook Service Pack 1 installiert ist - gibt es ein Service pack 2 auch? |
|
27.07.2012, 16:08
| #8 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
27.07.2012, 17:23
| #9 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Dear T'John! UUPS da ist nun der Rechner beim Heruterfahren hängen geblieben und hat einen schwarzen Bildschirm zurückgelassen. Ich habe den Ausschlter betätigt nach ca 10 Min Wartezeit. Bin wieder hochgefahtren im abgesicherten Modus Nochmals im normalen modis hochgefahren Report kam wie vorausgesagt siehe unten Avira hat sich gemeldet mit kleinem Fenster rechts unten: die Verison ist veraltet kaufen sie eine neue. dann als ich Dir den Bericht eingeben wollte war plötzlich alles an Dich geschriebene weg. Ich hoffe jetzt funktioniert es wieder In der Analge die Avira Info betreff der Lizenz die bis Dezember gilt. What to Do? |
|
27.07.2012, 17:29
| #10 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Was hast du gemacht, als er abgestuerzt ist? |
|
27.07.2012, 17:47
| #11 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo T'John! WIe gesagt ich habe dann den aus Schalter gedrück und bin dann später wieder hochgefahren nach einer Wartezeit. Davor ist alles nach Anleitung gelaufen: Die EMISOFTWARE hat einen Neustart per Pop Up angefordert Vermutlich war der Fehler dass ich nicht die Aktuellen Signaturen heutergeladen habe . Sorry hier habe ich mich vertan das war natürlich nicht die Emsisoftware die den schwarzen Bildschirm beim Herunterfahren verursacht hat sondern die ADW Cleaner Jetzt werde ich Emsi Staren Geändert von Christi007 (27.07.2012 um 17:54 Uhr) |
|
27.07.2012, 17:48
| #12 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Gut, mach den Emsisoft scan nochmal. MIT neuen Signaturen. |
|
27.07.2012, 23:00
| #13 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo T'John! ich binleider eingeschalfen beim scan nun der Report von EMSI Soft What will be the next step? Soll die Toolbar entfernt werden? Emsisoft Anti-Malware - Version 6.6 Letztes Update: 27.07.2012 18:51:05 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\ Archiv Scan: An ADS Scan: An Scan Beginn: 27.07.2012 18:55:55 C:\_OTL\MovedFiles\07272012_133415\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1 Gescannt 710101 Gefunden 1 Scan Ende: 27.07.2012 20:43:16 Scan Zeit: 1:47:21 Bitte um eine Idee welcher da der beste Browser ist ...... Statt AVG danke ..... |
|
28.07.2012, 13:35
| #14 |
| /// Helfer-Team | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
29.07.2012, 04:42
| #15 |
| | Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei Hallo T'John! EMSI wurde deinstallieert eine Neustart wurde verlangt und gewährt 9 Memeory sticks , 4 externe Platten und 2 Scandisc wurden angeschlossen Eset geladen gestartet und gescannt ist anfänglich gut gelaufen Das Notebook hat sich dann irgendwann in der NAcht verabschiedet. alle externen USB Anschlüsse abgesteckt im abgesicherten Modus hochgefahren Fehlerreport erstellt siehe unten Frage ist es nicht gefährlich den Rechner ohne Firewall und ohne Virenschutz ins Netzgehen zu lassen? Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.1.7601.2.1.0.768.3 Gebietsschema-ID: 3079 Zusatzinformationen zum Problem: BCCode: 1000009f BCP1: 0000000000000004 BCP2: 0000000000000258 BCP3: FFFFFA80036DC660 BCP4: FFFFF80000BA2740 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\072912-37487-01.dmp C:\Windows\Temp\WER-51371-0.sysdata.xml Lesen Sie unsere Datenschutzbestimmungen online: Windows 7-Datenschutzbestimmungen - Microsoft Windows Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline: C:\Windows\system32\de-DE\erofflps.txt ------------------------------------- Hat der Driver_Power_State_Failure etwas mit der möglicherweise zu hohen Anzahl der externen angeschlossenen USB Geräte zu tun? Soll ich nochmals probieren mit weniger externen Geräten? Darf man nach dem der Scan begonnen hat die Internetverbindung abschalten (FN F7) |
|
| Themen zu Ihr Computer wurde gesperrt Entsperren SIe mit Ukash Polizei |
| administrator, anti-malware, autostart, computer, dateien, entsperren sie mit ukash, explorer, fenster, funktioniert, gen, gesperrt, ihr computer wurde gesperrt, kaspersky, malware, medion, meldung, modus, nicht möglich, polize, polizei, pop up, pop up fenster, problem, rechner, report, service, stick, test, trojan.agent.ge, version |
Linear-Darstellung
