Pests of all kinds and their removal (Plagegeister aller Art und deren Bekämpfung): RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07) | Windows 7
30.08.2012, 22:55 | #1 |
RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07)

Hello Trojaner-Board community,

I have a PC in front of me on which the GVU Trojan 2.07 was/is present. After reading up a little on the Internet, I first disconnected the PC from the Internet and then, after a restart, deleted the file "roper0dun.exe". These steps were described on a website which unfortunately I no longer have in front of me, so I cannot paste the link here. The site was blog.botfrei.de. After I restarted the PC following the deletion, the following window appeared: Attachment 42333

I have now worked through the thread "Für alle Hilfesuchenden!" and hope that I have not forgotten anything and am doing everything correctly in what follows. First, the contents of the Malwarebytes log file, which contains 5 findings:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MadMax :: TOWER [Administrator]

Schutz: Deaktiviert

31.08.2012 00:01:09
mbam-log-2012-08-31 (00-04-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184793
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.cfg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.xtr (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Here are the other log files:

OTL logfile:
Code:
ATTFilter OTL logfile created on: 30.08.2012 23:21:23 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\MadMax\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,59% Memory free 5,99 Gb Paging File | 5,01 Gb Available in Paging File | 83,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,19 Gb Total Space | 9,49 Gb Free Space | 11,41% Space Free | Partition Type: NTFS Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Computer Name: TOWER | User Name: MadMax | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.30 22:28:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\MadMax\Downloads\OTL.exe PRC - [2012.08.09 00:10:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe PRC - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:07:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.09 15:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe PRC - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe PRC - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2012.08.03 00:32:21 | 000,115,137 | ---- | M] () -- 
C:\Users\MadMax\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll MOD - [2012.06.14 17:26:40 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.14 17:24:00 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.14 17:23:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.14 17:23:36 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.14 17:23:34 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.11 23:16:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.11 23:06:32 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 23:06:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.11 22:58:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 22:55:49 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.11 22:55:41 | 005,617,664 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.11 22:55:34 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.11 22:55:28 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll ========== Services (SafeList) ========== SRV - [2012.08.27 18:45:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.04.18 20:06:26 | 
000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012.05.08 13:07:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 13:07:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.02.09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2011.07.25 20:07:39 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.06.23 08:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM) DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) 
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.11.11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) DRV - [2010.11.11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.11.11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.04.24 09:18:40 | 010,472,960 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 
14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] [2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Extensions [2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions [2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml [2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml [2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml [2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MADMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer 
(Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.08.01 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\MadMax\AppData\Roaming\pcouffin.sys
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:36 | 000,020,191 | ---- | M] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:55 | 003,694,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 00:39:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 00:39:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 00:39:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 00:39:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:32 | 000,020,191 | ---- | C] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:42 | 003,694,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\MadMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\MadMax\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\MadMax\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\MadMax\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

========== LOP Check ==========

[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras: OTL Logfile:
OTL Extras logfile created on: 30.08.2012 23:14:51 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\MadMax\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,36% Memory free
5,99 Gb Paging File | 4,80 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 9,57 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS

Computer Name: TOWER | User Name: MadMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe |
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system |
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe |
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system |
"{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe |
"TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe |
"TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe |
"UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©) "EA Download Manager" = EA Download Manager "Foxit Reader_is1" = Foxit Reader "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Media Player - Codec Pack" = Media Player Codec Pack 4.1.3 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "Samsung CLP-310 Series" = Samsung CLP-310 Series "SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent "SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent "SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent "SpeedFan" = SpeedFan (remove only) "TeamViewer 7" = TeamViewer 
7 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WebcamMax" = WebcamMax "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.08.2012 14:10:15 | Computer Name = Tower | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 12292 Description = [ System Events ] Error - 30.04.2012 09:07:32 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Gmer: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 23:39:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 Hitachi_HDT721016SLA380 rev.ST1OA3AA
Running: rzsv3csd.exe; Driver: C:\Users\MadMax\AppData\Local\Temp\kxldipow.sys

---- System - GMER 1.0.15 ----

SSDT 923E479E ZwCreateSection
SSDT 923E47A8 ZwRequestWaitReplyPort
SSDT 923E47A3 ZwSetContextThread
SSDT 923E47AD ZwSetSecurityObject
SSDT 923E47B2 ZwSystemDebugControl
SSDT 923E473F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C3C989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5C4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C6387C 4 Bytes [9E, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C63BD8 4 Bytes [A8, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C63C1C 4 Bytes [A3, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C63C98 4 Bytes [AD, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C63CEC 4 Bytes JMP C10DEF73
.text ...
---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[2368] ntdll.dll!DbgUiRemoteBreakin 7762F17D 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x62 0x70 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0x54 0x33 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xC1 0xA1 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x62 0x70 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0x54 0x33 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xC1 0xA1 0xC5 ...

---- EOF - GMER 1.0.15 ----

Many thanks in advance for your help!

Edited by chillkröte86 (30.08.2012 at 23:07)
31.08.2012, 07:25 | #2
/// Helper Team | RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07)

Hello and a warm welcome!

Before we begin working together, [please read in full]: Quote:

For Vista and Win7: Important: please run all commands as Administrator! Right-click the command prompt and select "Run as administrator". Right-click (right mouse button) the selected application and choose "Run as administrator"!

1. Start Malwarebytes Anti-Malware -> get the update -> choose Full Scan -> have the findings deleted -> post the scan result here!

2. You installed OTL incorrectly: OTL must be saved on the Desktop! Set your browser so that it saves OTL on the Desktop! So remove it and download it again: -> Download OTL from Oldtimer and save it on your Desktop. After installation it should look roughly like this in the log file: Quote:

System scan with OTL
Please download OTL from Oldtimer and save it on your Desktop

4. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:

Quote:

** Stay off the internet as far as possible; no online banking, file sharing, chat programs, etc.

Regards, kira

31.08.2012, 13:13 | #3
RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07)

Hello Kira,

thank you for your quick reply!

Regarding 1.: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***:: TOWER [Administrator]

Schutz: Deaktiviert

31.08.2012 12:07:54
mbam-log-2012-08-31 (13-36-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309790
Laufzeit: 1 Stunde(n), 24 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
D:\Program Files\Electronic Arts\Medal of Honor\Binaries\loader.dll (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.cfg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.xtr (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

OTL

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 31.08.2012 13:49:45 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,08% Memory free 5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,19 Gb Total Space | 8,52 Gb Free Space | 10,24% Space Free | Partition Type: NTFS Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Computer Name: TOWER | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Microsoft Device Center\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Device Center\itype.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\Program Files\Unlocker\UnlockerCOM.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (KMService) -- C:\Windows\System32\srvany.exe () ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - 
(ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.) DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows (R) Win 7 DDK provider) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdserd) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (UnlockerDriver5) -- D:\Program Files\Unlocker\UnlockerDriver5.sys () DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) 
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]

[2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions
[2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml
[2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml
[2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.31 12:06:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.18 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.18 12:16:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.18 12:16:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.18 12:16:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.18 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.18 12:16:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.18 12:16:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.18 12:10:58 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.18 12:10:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.18 12:10:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.08.01 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[30 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.08.31 13:45:59 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 13:45:59 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 13:44:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 13:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:51:36 | 000,020,191 | ---- | M] () -- C:\Users\***\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.27 18:45:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.27 18:45:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.27 00:39:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 00:39:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 00:39:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 00:39:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\***\Desktop\Sheep.JPG
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========

[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:51:32 | 000,020,191 | ---- | C] () -- C:\Users\***\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\***\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\***\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\***\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

========== LOP Check ==========

[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra: OTL Logfile:
OTL Extras logfile created on: 31.08.2012 13:49:45 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,08% Memory free
5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,52 Gb Free Space | 10,24% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS

Computer Name: TOWER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe |
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system |
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe |
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system | "{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe | "TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe | "TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe | "UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof 
(German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©) "EA Download Manager" = EA Download Manager "Foxit Reader_is1" = Foxit Reader "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Media Player - Codec Pack" = Media Player Codec Pack 4.1.3 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "Samsung CLP-310 Series" = Samsung CLP-310 Series "SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent "SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent "SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent "SpeedFan" = SpeedFan (remove only) "TeamViewer 7" = TeamViewer 
7 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WebcamMax" = WebcamMax "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 21:22:38 | Computer Name = Tower | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word adressfenster-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "d:\program files\smarttools\word adressfenster-assistent\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 30.08.2012 21:22:39 | Computer Name = Tower | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word falz & lochmarken-assistent\adxloader.dll.Manifest". 
Fehler in Manifest- oder Richtliniendatei "d:\program files\smarttools\word falz & lochmarken-assistent\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 30.08.2012 21:22:40 | Computer Name = Tower | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word musterbrief-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "d:\program files\smarttools\word musterbrief-assistent\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. [ System Events ] Error - 30.04.2012 09:07:32 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Zu 4.: Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 14.01.2012 3.1.0.4880 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.08.2012 6,00MB 11.4.402.265 Avira Free Antivirus Avira 09.08.2012 104MB 12.0.0.1167 BMO WORLD 4.4.0 Broomop And Schthack 11.03.2012 4.4.0 CanoScan Toolbox Ver4.5 26.07.2011 CCleaner Piriform 22.08.2012 3.22 DAEMON Tools Lite DT Soft Ltd 16.02.2012 4.45.3.0297 DivX-Setup DivX, LLC 14.01.2012 2.6.1.5 DivxToDVD 0.5.2b VSO-Software SARL 16.06.2012 0.5.2b Dual-Core Optimizer AMD 14.01.2012 86,0KB 1.1.4.0169 Duke Nukem Forever (CREATED BY XEONKING©) 16.01.2012 1.0 EA Download Manager Electronic Arts, Inc. 14.01.2012 6.0.4.124 EA Download Manager UI Electronic Arts 14.01.2012 6.0.4.124 eCom Sonix 21.05.2012 5.18.1209.102 Foxit Reader Foxit Corporation 02.08.2012 36,1MB 5.3.1.606 Google Chrome Google Inc. 13.02.2012 20.0.1132.43 HTC Driver Installer HTC Corporation 22.07.2012 1,84MB 3.0.0.007 Java(TM) 6 Update 31 Oracle 24.03.2012 95,1MB 6.0.310 Java(TM) 7 Update 5 Oracle 22.07.2012 99,3MB 7.0.50 JavaFX 2.1.1 Oracle Corporation 22.07.2012 20,8MB 2.1.1 JDownloader 0.9 AppWork GmbH 06.02.2012 0.9 KeePass Password Safe 2.17 Dominik Reichl 11.12.2011 5,41MB Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 30.08.2012 18,7MB 1.62.0.1300 Medal of Honor (TM) Electronic Arts 14.01.2012 7,22GB 1.0.0.0 Medal of Honor 2010 Deutsch Patch x32 14.01.2012 Media Player Codec Pack 4.1.3 Media Player Codec Pack 11.01.2012 4.1.3 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.08.2011 38,8MB 4.0.30320 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 03.08.2011 2,93MB 4.0.30320 Microsoft Office Professional Plus 2010 Microsoft Corporation 25.08.2011 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 11.05.2012 104MB 5.1.10411.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.01.2012 298KB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft 
Corporation 18.12.2011 240KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.07.2011 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.07.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 16,5MB 10.0.40219 Microsoft-Maus- und Tastatur-Center Microsoft Corporation 18.08.2012 1.1.500.0 Mozilla Firefox 15.0 (x86 de) Mozilla 30.08.2012 50,3MB 15.0 Mozilla Firefox 5.0 (x86 de) Mozilla 25.07.2011 31,1MB 5.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 26.07.2011 35,0KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.07.2011 1,33MB 4.20.9876.0 MyFreeCodec 25.07.2011 NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 03.02.2012 275.33 NVIDIA PhysX NVIDIA Corporation 14.01.2012 119MB 9.09.0203 OXPDFtoImage Version 2.2.2.24 OXPDF, Inc. 07.05.2012 32,7MB 2.2.2.24 pdfsam 07.05.2012 2.2.1 Picasa 3 Google, Inc. 01.07.2012 3.8 PL-2303 USB-to-Serial 20.02.2012 Samsung CLP-310 Series Samsung Electronics CO.,LTD 26.07.2011 Samsung Kies Samsung Electronics Co., Ltd. 03.08.2011 184MB 2.0.1.11053_66 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 31.07.2012 37,9MB 1.3.450.0 Skype™ 5.10 Skype Technologies S.A. 
24.08.2012 19,4MB 5.10.116 SmartTools Publishing • Word Adressfenster-Assistent SmartTools Publishing 13.05.2012 v2.50 SmartTools Publishing • Word Falz & Lochmarken-Assistent SmartTools Publishing 13.05.2012 v6.50 SmartTools Publishing • Word Musterbrief-Assistent SmartTools Publishing 13.05.2012 v7.00 SpeedFan (remove only) 14.01.2012 TeamViewer 7 TeamViewer 12.06.2012 7.0.12979 Ubisoft Game Launcher UBISOFT 18.12.2011 1.0.0.0 Unlocker 1.9.1 Cedrick Collomb 01.08.2012 1.9.1 ViewSonic Windows 7 Signed Files 06.02.2012 VLC media player 1.1.11 VideoLAN 06.11.2011 1.1.11 VSO CopyToDVD 4 VSO Software 16.06.2012 126MB 4.3.1.12c WebcamMax 05.04.2012 7.1.7.2.MultiLanguage WinRAR 4.01 (32-Bit) win.rar GmbH 25.07.2011 4.01.0 |
01.09.2012, 00:54 | #4 | |
/// Helper Team | RunDLL error after deleting roper0dun.exe (GVU trojan 2.07) System cleaning and check: ► Once you have completed all the steps, report back with the requested results! In the meantime, only report if you run into problems! 1. Quote:
Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml [2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml [2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
2. Update Java: via Control Panel -> Check for updates... or: download the offline version of Java (recommended version: Java(TM) 7 Update 5) from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.
Tip: -> Configure Java updates
3. Close all programs/windows. Clear the Java cache: Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" and "Trace and Log Files" => OK
-> How do I clear the Java cache?
-> Clear the Java cache
-> Short video guide on how to delete the Java cache under Windows 7 and XP.
4. Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained, even if you do not use it!:
-> Tips on Internet Explorer
-> Change the default search engine in Internet Explorer
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?
5. Close all programs/windows and clean your system with CCleaner:
6. Preparation
ONLY scan the PC online and do NOT install a second antivirus program!!!
7. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally 2x in different locations! Please pass this warning on wherever you can! |
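The OTL fix script in step 1 above removes browser search hooks, two Firefox search plugins and the 4.5 MB nud0repor.pad file in ProgramData, then flushes DNS and empties temp folders. As an added example that is neither the helper's nor OTL's own code, the following Python script parses such a fix script's `:OTL`, `:Files` and `:Commands` sections and summarizes what the fix would touch before it is run, flagging files in user-writable directories (ProgramData, AppData, user profiles), which is where droppers typically land. The sample script is constructed after the one in the post; treating a trailing `/c` in `:Files` as "run this line as a command" is an assumption based on the `ipconfig /flushdns /c` line there.

```python
"""Dry-run reviewer for an OTL fix script (added example, not OTL's own code).

Parses the :OTL / :Files / :Commands sections and reports registry entries,
files and commands the fix would act on, flagging files in user-writable
locations.  The "/c" = "run as command" rule is an assumption taken from the
"ipconfig /flushdns /c" line in the helper's script.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# OTL file entry: "[date time | size | attrs | M] (company) -- path"
FILE_ENTRY = re.compile(
    r"^\[[^\]]*\|\s*([\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*--\s*(.+?)\s*$"
)

# Directories a standard user can write to; droppers commonly land here.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Users\\[^\\]+)\\", re.IGNORECASE)

# Constructed sample modelled on the helper's script (masked user name kept as ***).
SAMPLE_FIX = r"""
:OTL
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = http://websearch.ask.com/redirect?client=ie&q={searchTerms}
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""


@dataclass
class FixPlan:
    registry: list = field(default_factory=list)   # browser/registry entries (:OTL)
    files: dict = field(default_factory=dict)      # path -> size in bytes (None if unknown)
    commands: list = field(default_factory=list)   # :Commands directives and "/c" lines
    flagged: list = field(default_factory=list)    # file paths in user-writable locations


def _add_file(plan: FixPlan, path: str, size: Optional[int]) -> None:
    # OTL lists separate M (modified) and C (created) entries for one file; keep one.
    plan.files.setdefault(path, size)
    if USER_WRITABLE.search(path) and path not in plan.flagged:
        plan.flagged.append(path)


def parse_otl_fix(script: str) -> FixPlan:
    plan = FixPlan()
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):               # section header such as ":OTL"
            section = line[1:].lower()
            continue
        if section == "otl":
            m = FILE_ENTRY.match(line)
            if m:
                _add_file(plan, m.group(2), int(m.group(1).replace(",", "")))
            else:
                plan.registry.append(line)     # IE/FF/registry entries
        elif section == "files":
            if line.lower().endswith(" /c"):   # assumption: "/c" = run as command
                plan.commands.append(line[:-3].strip())
            else:
                _add_file(plan, line, None)
        elif section == "commands":
            plan.commands.append(line.strip("[]"))
    return plan


def summarize(plan: FixPlan) -> str:
    out = [f"{len(plan.registry)} registry/browser entries, "
           f"{len(plan.files)} files, {len(plan.commands)} commands"]
    for path in plan.flagged:
        size = plan.files.get(path)
        shown = f"{size} bytes" if size is not None else "size unknown"
        out.append(f"  user-writable location: {path} ({shown})")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(parse_otl_fix(SAMPLE_FIX)))
```

Reviewing the flagged list before running a fix is the useful part: a large, recently created file in ProgramData with a random-looking name (as in the post) is exactly what a ransomware lock-screen dropper looks like, while a search plugin under AppData is merely adware residue; both belong in the removal plan, but only the former is worth preserving a copy of for analysis before deletion.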
01.09.2012, 12:42 | #5 |
| RunDLL error after deleting roper0dun.exe (GVU trojan 2.07) OK, I have now worked through all your steps one after the other. So far there has been no more error message on restart =) Here is the log file of the ESET Online Scanner (NOD32): Code:
ATTFilter L:\programme_cds\Unlocker1.9.1-x64.exe Win32/Adware.ADON application cleaned by deleting - quarantined L:\programme_cds\Unlocker1.9.1.exe Win32/Adware.ADON application cleaned by deleting - quarantined L:\programme_cds\Handy\SuperOneClickv2.3.3.zip multiple threats deleted - quarantined L:\programme_cds\Handy\SOC\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined L:\programme_cds\Handy\SOC\Exploits\zergRush Android/Exploit.Lotoor.AN trojan cleaned by deleting - quarantined trojan deleted - quarantined Here are the new OTL log files: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.09.2012 13:22:46 - Run 4 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,56% Memory free 5,99 Gb Paging File | 3,56 Gb Available in Paging File | 59,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,19 Gb Total Space | 8,80 Gb Free Space | 10,58% Space Free | Partition Type: NTFS Drive D: | 65,86 Gb Total Space | 47,32 Gb Free Space | 71,85% Space Free | Partition Type: NTFS Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Drive L: | 931,51 Gb Total Space | 456,43 Gb Free Space | 49,00% Space Free | Partition Type: NTFS Drive M: | 232,88 Gb Total Space | 25,37 Gb Free Space | 10,89% Space Free | Partition Type: NTFS Computer Name: TOWER | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.08.30 14:34:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.08.27 18:45:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012.08.22 18:17:04 | 003,113,312 | ---- | M] (Piriform Ltd) -- C:\Programme\CCleaner\CCleaner.exe PRC - [2012.08.09 00:10:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe PRC - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:07:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.09 15:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe PRC - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Modules (No Company Name) ========== MOD - [2012.09.01 02:30:52 | 000,015,848 | ---- | M] () -- D:\Program Files\Java\bin\jp2native.dll MOD - [2012.08.30 14:34:31 | 002,242,528 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.08.27 18:45:05 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012.08.22 22:20:54 | 000,035,840 | ---- | M] () -- C:\Programme\CCleaner\Lang\lang-1031.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Services (SafeList) ========== SRV - [2012.08.27 18:45:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) 
[On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.05.08 13:07:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:07:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011.07.25 20:07:39 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.06.23 08:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.11.11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010.11.11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.11.11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.24 09:18:40 | 010,472,960 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\Program Files\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]

[2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions
[2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de
[2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.01 02:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.01 02:30:56 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.01 02:19:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.31 12:06:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.18 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.18 12:16:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.18 12:16:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.18 12:16:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.18 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.18 12:16:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.18 12:16:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.18 12:10:58 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.18 12:10:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.18 12:10:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.01 12:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 02:39:01 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.01 02:39:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.01 02:39:01 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.01 02:39:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.01 02:30:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.01 02:30:52 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.01 02:30:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.01 02:30:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.01 02:30:52 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.01 02:28:18 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 02:28:18 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 02:21:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 18:45:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.27 18:45:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\***\Desktop\Sheep.JPG
[30 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\***\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\***\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\***\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

========== LOP Check ==========

[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
Software [2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\install [2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LG Electronics [2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LGSync [2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam [2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NaviCoder IDE for Java [2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Photodex [2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools [2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso [2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax [2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 01.09.2012 13:22:46 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,56% Memory free
5,99 Gb Paging File | 3,56 Gb Available in Paging File | 59,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,80 Gb Free Space | 10,58% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,32 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 456,43 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive M: | 232,88 Gb Total Space | 25,37 Gb Free Space | 10,89% Space Free | Partition Type: NTFS
Computer Name: TOWER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system | "{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system | "{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system | "{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system | "{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe | "{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system | "{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system | "{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system | "{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system | "{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system | "{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system | "{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system | "{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe | "{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system | "{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe | "TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe | "TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe | "UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©) "EA Download Manager" = EA Download Manager "Foxit Reader_is1" = Foxit Reader "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Media Player - Codec Pack" = Media Player Codec Pack 4.1.3 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "Samsung CLP-310 Series" = Samsung CLP-310 Series "SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent "SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent "SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent "SpeedFan" = SpeedFan (remove only) "TeamViewer 7" = TeamViewer 7 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WebcamMax" 
= WebcamMax "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.09.2012 07:08:50 | Computer Name = Tower | Source = VSS | ID = 8193 Description = Error - 01.09.2012 07:08:50 | Computer Name = Tower | Source = System Restore | ID = 8193 Description = Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 8193 Description = Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = System Restore | ID = 8193 Description = Error - 01.09.2012 07:08:57 | Computer Name = Tower | Source = MsiInstaller | ID = 11723 Description = Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 8193 Description = Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems 
deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 02.05.2012 18:52:11 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. 
Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. < End of report > Thanks again for your help! |
01.09.2012, 13:30 | #6 |
| Post was a duplicate. |
02.09.2012, 08:35 | #7 | |
/// Helper Team | 1. Quote:
Code:
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
:Files
C:\Users\***\AppData\Roaming\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
__________________ Warning: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in two different places! Please pass this warning on wherever you can! |
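The fix script above removes one registry value and one folder by hand. The symptom this thread is about, a RunDLL error box after roper0dun.exe was deleted, is what Windows shows when an autostart entry still points at a file that no longer exists. The following PowerShell script is an added example, not part of the thread, of OTL or of the helper's instructions: it walks the Run/RunOnce keys and the Winlogon Shell/Userinit values and lists every entry whose target file is missing, so such leftovers can be found before deleting them. It assumes an elevated PowerShell 2.0 or later on Windows 7 x86; the key list and the command-line parsing heuristics are the example's own.

```powershell
# Added example, not from the thread: find autostart entries whose target file
# no longer exists (the usual cause of a "RunDLL ... module could not be found"
# box at logon after a malware file has been deleted by hand).
# Assumes an elevated PowerShell (2.0 or later) on Windows 7 x86; on x64 add the
# Wow6432Node variants of the HKLM Run keys as well.

$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # Shell, Userinit
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user Shell override
)

function Get-CommandTarget {
    # Extract the file a command line actually launches:
    #   "C:\Program Files\Foo\foo.exe" /arg  -> C:\Program Files\Foo\foo.exe
    #   rundll32.exe C:\Temp\bad.dll,Entry    -> C:\Temp\bad.dll
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { $target = $Matches[1] }
    else                          { $target = ($cmd -split '\s+')[0] }
    if ($target -match '(?i)rundll32(\.exe)?$') {
        # rundll32 itself always exists; the DLL it loads is what may be missing
        $rest = $cmd.Substring($cmd.IndexOf($target) + $target.Length).Trim()
        if ($rest -match '^"([^"]+)"') { $target = $Matches[1] }
        else                           { $target = ($rest -split '[,\s]')[0] }
    }
    return $target
}

function Test-TargetExists {
    param([string]$Path)
    if ([System.IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
    # Bare names such as explorer.exe are legitimate if they resolve via %PATH%
    return [bool](Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue)
}

$report = foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        # Winlogon holds many unrelated values; only Shell and Userinit start programs
        if ($key -like '*Winlogon' -and ('Shell', 'Userinit') -notcontains $name) { continue }
        $value = [string]$item.GetValue($name)
        if (-not $value) { continue }
        # Shell and Userinit may list several programs separated by commas
        # (e.g. "explorer.exe, C:\Users\x\AppData\Roaming\bad.exe"); each is checked
        $commands = if ($key -like '*Winlogon') { $value -split ',' | Where-Object { $_.Trim() } } else { @($value) }
        foreach ($command in $commands) {
            $target = Get-CommandTarget $command
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $command.Trim()
                Target  = $target
                Exists  = Test-TargetExists $target
            }
        }
    }
}

"Autostart entries whose target file is missing:"
$report | Where-Object { -not $_.Exists } | Format-Table Key, Name, Command -AutoSize -Wrap
```

An orphaned value under a Run or RunOnce key can simply be removed with Remove-ItemProperty once it has been confirmed. A Winlogon Shell or Userinit value must not be deleted: set Shell back to explorer.exe and Userinit back to C:\Windows\system32\userinit.exe, instead, or the user will log on to an empty desktop.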
04.09.2012, 00:28 | #8 |
| Here is the final log file after the fix: Code:
All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
C:\Users\***\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7581561 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09042012_011727
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Thanks for that! |
04.09.2012, 07:11 | #9 |
/// Helper Team | RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07)

** Keep your system under observation for a while longer! If everything has gone well and your system is running stably, do the following:

1. Uninstall/remove the programs we used and that you no longer need, except for:
Code:
CCleaner

2. Tool cleanup with OTL
We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older versions of files. This feature takes up a great deal of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed. So please do the following:
4. As a precaution, I would advise you to change your passwords (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Die sichere Passwort-Wahl (choosing a secure password; it should really be changed at regular intervals, roughly every 3-5 months); also see here: Sicheres Kennwort (Password).

5. ► Please check whether there are new updates for Windows: Microsoft Update keeps your computer up to date!

Reading material no. 1: Give criminal activity no chance!
Quote:
** Common sense, together with securely configuring Windows and your Internet software, is the best route to staying safe online!!
Quote:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably not as fast as it used to be:
If you would like to support us → donation account

Regards, kira
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption (ransomware) Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different locations! Please pass this warning on wherever you can! |
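Step 3 of the helper's checklist (shrink the shadow-copy reservation and purge whatever an infected restore point still holds) can be done from an elevated PowerShell prompt on Windows 7 with the built-in `vssadmin` tool and the SystemRestore cmdlets. The script below is an added example and is not part of kira's post or of the Trojaner-Board/OTL tooling; it assumes the cleaned volume is `C:` and that 5% is the new cap you want for shadow storage, both of which are assumptions to adjust for your machine.

```powershell
# Added example, not from the Trojaner-Board post: post-cleanup pass over
# Volume Shadow Copy storage and System Restore on Windows 7.
# Run from an elevated (Administrator) PowerShell prompt.
# Assumptions (adjust to your machine): the cleaned volume is C:, and 5%
# of the volume is the new cap for shadow storage.
$Volume  = 'C:'
$MaxSize = '5%'

# 1. Show the current reservation. The "Maximum Shadow Copy Storage space"
#    line is the cap in effect; compare it with the 15% default quoted above.
Write-Host "=== Shadow storage before ==="
vssadmin list shadowstorage /For=$Volume

# 2. List existing restore points with readable timestamps. Any point
#    created while the machine was infected can bring the dropped files
#    back if someone later "restores" to it, so note their dates.
Write-Host "=== Restore points ==="
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# 3. Delete every shadow copy on the volume. This also removes the old
#    restore points and the "Previous Versions" of files, so back up
#    anything you still need before running it.
vssadmin delete shadows /For=$Volume /All /Quiet

# 4. Cap the space the shadow store may use so it cannot grow unchecked.
vssadmin resize shadowstorage /For=$Volume /On=$Volume /MaxSize=$MaxSize

# 5. Take one fresh restore point that represents the cleaned state, so
#    you are not left without any rollback at all.
Checkpoint-Computer -Description 'Clean system after GVU cleanup' `
                    -RestorePointType 'MODIFY_SETTINGS'

Write-Host "=== Shadow storage after ==="
vssadmin list shadowstorage /For=$Volume
```

Run steps 1 and 2 first on their own and read the output before letting the script delete anything: the only rollback points you will keep are the ones created after this point, so the backup reminder in the signature above applies here.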