Log analysis and evaluation: DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found (Windows 7)
07.09.2012, 20:30 | #1
DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found

Hello everyone,

I have already had the GVU Trojan twice (2 days ago and a few weeks ago). Since I am a computer layman, I now have the following protection and maintenance programs on my computer (Windows Vista) and run them regularly. Maybe they get in each other's way?

Avira Antivir, Registry Booster, CCleaner, Malwarebytes Anti-Malware, Paragon Backup & Recovery™ 10 Suite (clone of the computer on an external hard drive), DriverScanner

The following problems are still there, although Antivir and Malwarebytes find nothing (except for one hidden object):

- I can no longer burn photos from the computer to CD (total crash that can only be "fixed" by switching the machine off).
- Windows Explorer often stops responding.
- After booting, this message appears: "Fehler beim Laden von C:/Users/HILLIE*1/AppData/Local/Temp/wgsdgsdgdsgsd.exe. Das angegebene Modul wurde nicht gefunden"
- Avira reports that "Bonjour" has made a change.

I carried out instructions 1 (no error message from the "defogger") and 2 (files below) and had a problem with step 3. After downloading the program: closed the internet connection, switched off Avira and the Windows Firewall. Started the program. In the right-hand panel, no check mark next to drive D:/ (external hard drive). In the right-hand panel, no check mark next to "Show all". After starting the scan, the following error message: "1rjfzol1.exe funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist". Closed the program, switched Avira and the firewall back on, went online and posted here.

What can I do now?

Many thanks and best regards from GunHill

OTL.txt (OTL logfile): Code:
OTL logfile created on: 07.09.2012 20:17:19 - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,09% Memory free 4,23 Gb Paging File | 3,09 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,26 Gb Total Space | 140,42 Gb Free Space | 31,54% Space Free | Partition Type: NTFS Drive D: | 20,49 Gb Total Space | 9,84 Gb Free Space | 48,04% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.07 20:16:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.09.01 18:01:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.12.02 17:22:26 | 000,188,600 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.27 16:22:08 | 000,339,968 | ---- | M] () -- C:\Programme\Plustek\OpticFilm 7600i\QuickScan.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.06 14:07:42 | 000,439,768 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 10:17:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:17:14 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.10 07:46:53 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.10 07:35:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.10 07:34:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.10 07:33:56 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.08.26 18:36:48 | 000,884,736 | ---- | M] () -- C:\Programme\Plustek\OpticFilm 7600i\ScndrvU.drv MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.27 16:22:08 | 000,339,968 | ---- | M] () -- C:\Programme\Plustek\OpticFilm 7600i\QuickScan.exe MOD - [2008.05.28 13:55:10 | 000,086,016 | ---- | M] () -- C:\Programme\Plustek\OpticFilm 7600i\plkcom32.dll MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe MOD - [2004.04.06 18:45:46 | 000,040,960 | ---- | M] () -- C:\Programme\Plustek\OpticFilm 7600i\DetectSession.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon) SRV - [2012.09.01 20:32:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\flash\FlashPlayerUpdateService.exe -- 
(AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Disabled | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2007.04.06 14:10:56 | 000,223,704 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2007.04.06 14:10:22 | 000,272,856 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- 
C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) SRV - [2007.04.06 14:10:08 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2007.04.06 14:08:58 | 000,158,168 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2007.04.06 14:08:24 | 000,039,896 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) SRV - [2007.04.06 14:08:14 | 000,059,352 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2007.04.06 14:07:46 | 000,313,816 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) SRV - [2007.04.06 14:06:48 | 000,256,472 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) SRV - [2007.02.12 10:46:34 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.01 20:50:13 | 000,030,616 | ---- | M] (PenMount) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmserenum.sys -- (pmserenum) DRV - [2012.09.01 20:27:58 | 000,023,608 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.10.12 17:07:14 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2010.10.12 17:07:12 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2010.10.12 17:07:12 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.10.24 17:28:23 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.09.13 13:48:26 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007.06.16 14:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.04.13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.04.06 14:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{180C8484-65D8-4BF0-94AA-9B397A4FFAAA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{5CEB8E03-46DF-4DDF-A395-8BACDEF90756}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{5F1BF55A-6F6B-4AAB-A327-0FBA647F7D9F}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{E13FB001-1E67-4BDC-904C-1EF3A05701CE}: "URL" = 
hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.4.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2009.01.18 12:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.04 21:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uotzmpuu.default\extensions [2009.11.19 09:12:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uotzmpuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.14 10:36:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uotzmpuu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.12.14 10:36:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\uotzmpuu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.01.30 02:03:24 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uotzmpuu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.03.28 19:24:22 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\uotzmpuu.default\searchplugins\conduit.xml [2011.03.07 00:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.02 15:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.30 09:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.30 09:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.03 13:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011.03.07 11:39:31 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Programme\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Regions- und Sprachoptionen O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hillienhoff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft 
Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A9C46A2-27DD-45C6-B998-180135A2E3AD}: NameServer = 195.50.140.182 195.50.140.114 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Fotos\2011\2011.11._September_bis_November\neu_1.10.2011 024 - t-shirt.JPG O24 - Desktop BackupWallPaper: C:\Users\***\Fotos\2011\2011.11._September_bis_November\neu_1.10.2011 024 - t-shirt.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = 
exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 20:16:14 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Hillienhoff\Desktop\OTL.exe [2012.09.05 22:49:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.05 22:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.05 22:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.04 21:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luka [2012.09.02 21:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Convar [2012.09.02 21:34:29 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll [2012.09.02 21:34:29 | 000,217,088 | ---- | C] (Dart Communications) -- C:\Windows\System32\DartSock.dll [2012.09.02 21:34:29 | 000,118,784 | ---- | C] (Dart Communications) -- C:\Windows\System32\DartWeb.dll [2012.09.01 20:50:13 | 000,030,616 | ---- | C] (PenMount) -- C:\Windows\System32\drivers\pmserenum.sys [2012.09.01 20:33:14 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012.09.01 20:33:11 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2012.09.01 20:33:11 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2012.09.01 20:33:11 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2012.09.01 20:33:03 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2012.09.01 20:33:03 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2012.09.01 20:33:02 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\System32\RP3DHT32.dll [2012.09.01 20:33:02 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2012.09.01 20:33:02 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2012.09.01 20:33:02 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2012.09.01 20:33:01 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012.09.01 20:33:01 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012.09.01 20:33:01 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012.09.01 20:33:01 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012.09.01 20:33:01 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012.09.01 20:33:00 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012.09.01 20:32:59 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2012.09.01 20:32:57 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012.09.01 20:32:56 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012.09.01 20:32:56 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2012.09.01 20:32:56 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2012.09.01 20:32:56 | 000,232,792 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioAPO20.dll [2012.09.01 20:32:55 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2012.09.01 20:32:54 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.09.01 20:32:54 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2012.09.01 20:32:54 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2012.09.01 20:32:54 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2012.09.01 20:32:54 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2012.09.01 20:32:54 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2012.09.01 20:32:54 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2012.09.01 20:32:54 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2012.09.01 20:32:54 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2012.09.01 20:32:54 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2012.09.01 20:32:54 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2012.09.01 20:32:53 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2012.09.01 20:32:53 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2012.09.01 20:32:53 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2012.09.01 20:32:53 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2012.09.01 20:32:53 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2012.09.01 20:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2012.09.01 20:27:58 | 000,023,608 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== 
[2012.09.07 20:20:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.07 20:16:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Hillienhoff\Desktop\OTL.exe [2012.09.07 20:15:34 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.07 20:15:34 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.07 20:15:34 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.07 20:15:34 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.07 20:09:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.09.07 20:09:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.07 20:09:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 20:09:13 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 20:09:13 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.09.07 20:09:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.09.07 20:09:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 20:09:03 | 2145,562,624 | -HS- | M] () -- C:\hiberfil.sys [2012.09.07 20:06:17 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.09.07 20:04:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.09.07 19:31:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.06 22:02:33 | 000,022,655 | ---- | M] () -- C:\Users\***f\Desktop\Hund.jpg [2012.09.06 19:49:33 | 001,140,654 | ---- | M] () -- C:\Users\***\Desktop\GEN10183r.pdf [2012.09.06 18:57:02 | 005,055,663 | ---- | M] () -- C:\Users\***\Desktop\booklet-GEN10183.pdf [2012.09.05 22:32:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.05 
22:30:16 | 000,001,740 | ---- | M] () -- C:\Users\Hillienhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.09.04 16:56:12 | 000,001,422 | ---- | M] () -- C:\Users\***\Documents\cc_20120904_165608.reg [2012.09.03 12:48:49 | 000,509,440 | -HS- | M] () -- C:\Users\***\Desktop\ehthumbs_vista.db [2012.09.03 12:34:40 | 000,403,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.02 21:17:57 | 000,000,978 | ---- | M] () -- C:\Users\***\Documents\cc_20120902_211753.reg [2012.09.01 20:50:13 | 000,030,616 | ---- | M] (PenMount) -- C:\Windows\System32\drivers\pmserenum.sys [2012.09.01 20:33:14 | 001,725,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012.09.01 20:33:12 | 000,214,368 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2012.09.01 20:33:11 | 000,074,080 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2012.09.01 20:33:11 | 000,068,960 | ---- | M] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2012.09.01 20:33:03 | 000,359,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2012.09.01 20:33:03 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2012.09.01 20:33:02 | 007,161,696 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012.09.01 20:33:02 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2012.09.01 20:33:02 | 000,295,768 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2012.09.01 20:33:02 | 000,293,889 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.09.01 20:33:02 | 000,170,840 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2012.09.01 20:33:02 | 000,064,856 | ---- | M] (Dolby Laboratories, Inc.) 
-- C:\Windows\System32\RTEEG32A.dll [2012.09.01 20:33:01 | 000,351,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012.09.01 20:33:01 | 000,105,824 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012.09.01 20:33:01 | 000,091,488 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012.09.01 20:33:01 | 000,061,792 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012.09.01 20:33:00 | 001,185,112 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2012.09.01 20:33:00 | 000,350,552 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012.09.01 20:32:59 | 007,783,768 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012.09.01 20:32:57 | 001,836,376 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012.09.01 20:32:56 | 000,709,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2012.09.01 20:32:56 | 000,259,928 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2012.09.01 20:32:56 | 000,232,792 | ---- | M] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioAPO20.dll [2012.09.01 20:32:55 | 000,357,712 | ---- | M] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2012.09.01 20:32:54 | 002,193,472 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.09.01 20:32:54 | 001,509,480 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2012.09.01 20:32:54 | 001,292,904 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2012.09.01 20:32:54 | 000,631,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2012.09.01 20:32:54 | 000,601,704 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2012.09.01 20:32:54 | 000,458,344 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2012.09.01 20:32:54 | 000,421,744 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2012.09.01 20:32:54 | 000,398,192 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2012.09.01 20:32:54 | 000,389,736 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2012.09.01 20:32:54 | 000,375,400 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2012.09.01 20:32:54 | 000,335,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2012.09.01 20:32:54 | 000,218,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2012.09.01 20:32:53 | 001,220,200 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2012.09.01 20:32:53 | 000,654,952 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2012.09.01 20:32:53 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2012.09.01 20:32:53 | 000,218,728 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2012.09.01 20:29:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf [2012.09.01 20:27:58 | 000,023,608 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012.09.01 19:55:30 | 000,000,206 | ---- | M] () -- 
C:\Users\***\Documents\cc_20120901_195525.reg [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.07 20:05:57 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.09.07 20:04:39 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.09.06 22:15:55 | 000,022,655 | ---- | C] () -- C:\Users\***\Desktop\Hund.jpg [2012.09.06 19:49:33 | 001,140,654 | ---- | C] () -- C:\Users\***\Desktop\GEN10183r.pdf [2012.09.06 18:57:02 | 005,055,663 | ---- | C] () -- C:\Users\***\Desktop\booklet-GEN10183.pdf [2012.09.05 22:30:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.05 22:30:16 | 000,001,740 | ---- | C] () -- C:\Users\Hillienhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.09.04 16:56:10 | 000,001,422 | ---- | C] () -- C:\Users\***\Documents\cc_20120904_165608.reg [2012.09.02 21:34:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.09.02 21:34:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DartWeb.oca [2012.09.02 21:34:28 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector smart recovery.lnk [2012.09.02 21:17:55 | 000,000,978 | ---- | C] () -- C:\Users\***\Documents\cc_20120902_211753.reg [2012.09.01 20:33:02 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.09.01 20:29:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf [2012.09.01 20:11:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job [2012.09.01 19:55:27 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20120901_195525.reg [2012.06.23 12:02:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad [2012.05.14 14:46:34 | 000,184,829 | ---- | C] () -- C:\Users\***\Unterschrift_Familie0001.JPG [2012.05.08 17:16:53 | 002,256,544 | ---- | C] () -- 
C:\Users\***\***_Weihnachten.JPG [2012.05.03 22:31:09 | 001,490,999 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll [2011.12.20 15:58:57 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.09.17 15:40:17 | 000,020,531 | -H-- | C] () -- C:\ProgramData\W77X4 [2011.09.17 14:26:55 | 000,000,134 | ---- | C] () -- C:\Windows\A28U.INI [2011.09.17 14:23:02 | 000,001,807 | ---- | C] () -- C:\Windows\if42le.ini [2011.09.17 14:23:02 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini [2011.09.17 14:19:04 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll [2011.07.05 09:13:22 | 000,145,059 | ---- | C] () -- C:\Users\***\Unterschrift_Familie.JPG [2010.09.15 09:02:30 | 000,083,412 | -H-- | C] () -- C:\Users\***\ZbThumbnail.info [2010.01.21 23:33:33 | 001,192,585 | ---- | C] () -- C:\Users\***\Pipi.PDF [2009.04.07 10:45:25 | 000,074,131 | ---- | C] () -- C:\Users\***\Betriebstagebuch KKA.PDF [2009.04.03 13:25:23 | 000,496,799 | ---- | C] () -- C:\Users\***\Familie Unterschrift.JPG [2009.04.01 16:14:19 | 012,773,473 | ---- | C] () -- C:\Users\***\Sibelius Hilfe.pdf [2008.11.29 18:51:31 | 000,933,993 | ---- | C] () -- C:\Users\***\Wartungbericht KKA.PDF [2008.10.27 18:05:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.05.03 23:43:30 | 007,038,688 | ---- | C] () -- C:\Users\***\Gärtnergeburtstag 1200 dpi.TIF [2008.05.03 23:38:23 | 000,156,844 | ---- | C] () -- C:\Users\***\Foto Gärtnergeburtstag.JPG [2008.03.01 15:26:36 | 000,002,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdb.bin [2007.12.17 09:01:48 | 000,191,135 | ---- | C] () -- C:\Users\***\Wertbestätigung Hillienhoff.pdf [2007.12.17 08:44:39 | 000,129,771 | ---- | C] () -- C:\Users\***\Kto-Auszug Gehörschutz .pdf [2007.10.11 17:25:31 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.10.11 14:54:53 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2007.10.11 14:16:32 | 000,034,304 | ---- | C] () -- 
C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.10 13:21:19 | 000,763,215 | ---- | C] () -- C:\Users\***\Unterschrift alle 5.TIF [2007.10.10 13:21:17 | 000,217,088 | ---- | C] () -- C:\Users\***\Carcassonne der Fluss.pdf [2007.10.02 21:28:11 | 000,000,099 | ---- | C] () -- C:\Users\Hillienhoff\AppData\Local\fusioncache.dat ========== LOP Check ========== [2011.12.20 15:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH [2007.10.10 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AAV [2010.01.29 00:49:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.09.05 08:01:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.01.15 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\capella-software [2007.12.18 15:44:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint [2011.07.02 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2010.12.14 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2010.12.14 10:36:48 | 000,000,000 | ---D | M] -- C:\Users\Hillienhoff\AppData\Roaming\DVDVideoSoftIEHelpers [2009.11.29 23:56:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe [2012.07.22 08:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lasersoft Imaging [2007.11.12 16:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron [2011.09.17 18:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NewSoft [2011.12.05 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\Hillienhoff\AppData\Roaming\SaalDesignSoftware [2011.01.06 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2012.09.01 20:11:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2012.09.07 20:09:13 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.09.07 20:09:12 | 000,000,344 | ---- | M] () -- 
C:\Windows\Tasks\RegistryBooster.job [2012.09.07 20:07:25 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Edited by GunHill (07.09.2012 at 20:44) Reason: names edited |
08.09.2012, 16:58 | #2 |
| DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found Hello everyone,
today, after reading some more in the forum, I updated Malwarebytes again and ran it. There was one find (see below). Afterwards, burning photos to DVD worked again. I still ask for help with a real "cleaning". Many thanks, GunHill

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***:: ***-PC [Administrator]

08.09.2012 14:13:27
mbam-log-2012-09-08 (16-58-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386390
Laufzeit: 1 Stunde(n), 42 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende) |
05.12.2012, 19:11 | #3 |
/// Helfer-Team | DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found Your thread unfortunately got overlooked; in future please do not reply to your own thread. Do you still need help?
|
05.12.2012, 19:41 | #4 |
| DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found Hello T'john, I am glad that there is an answer for me after all. The computer runs, but now and then Windows Defender shows a notice about "known programs" that change something, e.g. swissarmy & bonjour. Also, booting takes extremely long! Last find by Malwarebytes on 29.11.2012 (see below). Last find by Avira on 16.11.2011: EXP/CVE-2012-1726.A.684. In the meantime I use Firefox instead of Explorer; it is supposed to be safer? If it is possible to clean the computer completely, I would gladly take up your help. However, I have since deleted all the files I posted. Should I do the whole procedure from above again? Can I delete the infected files? Many thanks for the help, GunHill
_________________________________________________________________

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hillienhoff :: ***-PC [Administrator]

29.11.2012 20:28:09
mbam-log-2012-11-29 (20-28-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394212
Laufzeit: 1 Stunde(n), 46 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ContentaConverter-BASIC\thumbnailbuilder.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
06.12.2012, 18:13 | #5 |
/// Helfer-Team | DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found Please download AdwCleaner to your desktop.
Afterwards: system scan with OTL (illustrated guide). Please download OTL from Oldtimer and save it to your desktop (if not already present) - double-click OTL.exe
|
07.12.2012, 14:57 | #6 |
| DVU virus removed? AppData/Local/Temp/wgsdgsdgdsgsd.exe not found Hello t`john, here are the logfiles: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.12.2012 13:08:08 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,15% Memory free 4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,26 Gb Total Space | 147,18 Gb Free Space | 33,05% Space Free | Partition Type: NTFS Drive D: | 20,49 Gb Total Space | 9,84 Gb Free Space | 48,04% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hillienhoff\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () ========== Services (SafeList) ========== SRV - (ACDaemon) -- File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation) SRV - (QualityManager) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation) SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation) SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation) SRV - (DHTRACE) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation) SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation) SRV - (NMSCore) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation) SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe () SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not 
found DRV - (GigasetGenericUSB) -- system32\DRIVERS\GigasetGenericUSB.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (pmserenum) -- C:\Windows\System32\drivers\pmserenum.sys (PenMount Touch Solutions) DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys () DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{180C8484-65D8-4BF0-94AA-9B397A4FFAAA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{5CEB8E03-46DF-4DDF-A395-8BACDEF90756}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{5F1BF55A-6F6B-4AAB-A327-0FBA647F7D9F}: "URL" 
= hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\SearchScopes\{E13FB001-1E67-4BDC-904C-1EF3A05701CE}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.20 16:23:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.20 16:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.29 21:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fvlfgruc.default\extensions [2012.11.20 16:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.07 10:39:31 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Programme\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - 
HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Regions- und Sprachoptionen O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hillienhoff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A9C46A2-27DD-45C6-B998-180135A2E3AD}: NameServer = 195.50.140.182 195.50.140.114 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hillienhoff\Fotos\2011\2011.11._September_bis_November\neu_1.10.2011 024 - t-shirt.JPG O24 - Desktop BackupWallPaper: C:\Users\***\Fotos\2011\2011.11._September_bis_November\neu_1.10.2011 024 - t-shirt.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.07 13:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.07 12:52:43 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2012.12.07 07:45:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Daten zum Posten [2012.12.04 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProtectDISC [2012.12.04 21:42:20 | 000,163,840 | ---- | 
C] (G DATA Software AG) -- C:\Windows\LgxSetup.exe [2012.12.04 21:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logox.4.0 [2012.12.04 21:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lernwerkstatt 8 [2012.12.04 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lernwerkstatt 8 [2012.12.04 21:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lernwerkstatt 8 [2012.11.30 18:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\SaalDesignSoftware [2012.11.29 20:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.11.29 20:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.11.29 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.11.29 20:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.11.29 18:16:25 | 000,231,112 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys [2012.11.29 18:16:25 | 000,121,440 | ---- | C] (Intel Corporation) -- C:\Windows\System32\e1000msg.dll [2012.11.29 18:16:25 | 000,082,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NicInE6.dll [2012.11.29 18:16:25 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NicCo26.dll [2012.11.29 17:48:27 | 000,026,624 | ---- | C] (PenMount Touch Solutions) -- C:\Windows\System32\drivers\pmserenum.sys [2012.11.29 12:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.11.25 07:56:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.11.20 17:37:03 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.20 17:37:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.20 17:36:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.20 17:36:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.20 
17:36:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.20 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2012.11.20 16:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.20 16:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.11.20 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.20 15:27:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2012.11.15 22:27:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.15 22:27:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.15 22:27:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.15 22:27:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.15 22:27:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.15 22:27:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.15 22:27:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.15 22:27:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.15 14:11:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.15 14:05:44 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 21:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2012.12.07 13:07:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.07 12:56:01 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.07 12:56:01 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.07 12:56:01 | 
000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.07 12:56:01 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.07 12:47:33 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.07 12:47:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.07 12:00:16 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 12:00:16 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 08:01:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.07 08:00:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.12.07 08:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.12.07 08:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.12.07 07:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.07 07:42:54 | 000,540,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.05 10:40:17 | 000,007,192 | ---- | M] () -- C:\Users\***\Documents\cc_20121205_103119.reg [2012.12.05 07:20:33 | 000,449,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.04 21:46:05 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E5.LCS [2012.12.04 21:42:21 | 000,000,122 | ---- | M] () -- C:\LgxUser.dic [2012.12.04 21:42:20 | 000,163,840 | ---- | M] (G DATA Software AG) -- C:\Windows\LgxSetup.exe [2012.11.30 18:03:53 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.29 20:14:14 | 000,077,734 | ---- | M] () -- C:\Users\***\Documents\cc_20121129_201410.reg [2012.11.29 20:05:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.29 18:16:25 | 000,231,112 | ---- | M] (Intel Corporation) -- 
C:\Windows\System32\drivers\e1e6032.sys [2012.11.29 18:16:25 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\e1000msg.dll [2012.11.29 18:16:25 | 000,082,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\NicInE6.dll [2012.11.29 18:16:25 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\Windows\System32\NicCo26.dll [2012.11.29 18:16:25 | 000,002,769 | ---- | M] () -- C:\Windows\System32\e1e6032.din [2012.11.29 17:48:27 | 000,026,624 | ---- | M] (PenMount Touch Solutions) -- C:\Windows\System32\drivers\pmserenum.sys [2012.11.25 07:55:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.25 07:55:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.20 17:36:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.20 17:35:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.20 17:35:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.20 17:35:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.20 17:35:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.20 17:35:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.20 16:09:56 | 000,000,648 | ---- | M] () -- C:\Users\***\Documents\cc_20121120_160951.reg [2012.11.15 19:51:52 | 000,002,494 | ---- | M] () -- C:\Users\***\Documents\cc_20121115_195146.reg [2012.11.12 19:15:53 | 000,002,536 | ---- | M] () -- C:\Users\***\Documents\cc_20121112_191550.reg ========== Files Created - No Company Name ========== [2012.12.07 07:42:48 | 000,540,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.05 10:40:11 | 000,007,192 | ---- | C] () -- C:\Users\***\Documents\cc_20121205_103119.reg [2012.12.04 21:45:46 | 000,004,096 | 
---- | C] () -- C:\Users\Public\Documents\000016E5.LCS [2012.12.04 21:42:21 | 000,000,122 | ---- | C] () -- C:\LgxUser.dic [2012.11.30 18:03:53 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk [2012.11.30 18:03:53 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.29 20:14:12 | 000,077,734 | ---- | C] () -- C:\Users\***\Documents\cc_20121129_201410.reg [2012.11.29 20:05:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.29 18:16:25 | 000,002,769 | ---- | C] () -- C:\Windows\System32\e1e6032.din [2012.11.20 16:23:21 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.20 16:09:55 | 000,000,648 | ---- | C] () -- C:\Users\***\Documents\cc_20121120_160951.reg [2012.11.15 19:51:50 | 000,002,494 | ---- | C] () -- C:\Users\***\Documents\cc_20121115_195146.reg [2012.11.12 19:15:52 | 000,002,536 | ---- | C] () -- C:\Users\***\Documents\cc_20121112_191550.reg [2012.10.09 14:55:21 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2012.09.27 07:42:48 | 000,106,701 | ---- | C] () -- C:\Users\***\Seifenblasen_Kordel.PDF [2012.09.06 21:15:55 | 000,022,655 | ---- | C] () -- C:\Users\***\Hund.jpg [2012.09.05 21:30:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.02 20:34:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.09.01 19:33:02 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.06.23 11:02:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad [2012.05.08 16:16:53 | 002,256,544 | ---- | C] () -- C:\Users\***\Gundel_Weihnachten.JPG [2012.05.03 21:31:09 | 001,490,999 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll [2011.12.20 14:58:57 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.09.17 14:40:17 | 000,020,531 | -H-- | C] () -- C:\ProgramData\W77X4 [2011.09.17 
13:26:55 | 000,000,134 | ---- | C] () -- C:\Windows\A28U.INI [2011.09.17 13:23:02 | 000,001,807 | ---- | C] () -- C:\Windows\if42le.ini [2011.09.17 13:23:02 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini [2011.09.17 13:19:04 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll [2010.09.15 08:02:30 | 000,113,188 | -H-- | C] () -- C:\Users\***\ZbThumbnail.info [2010.01.21 22:33:33 | 001,192,585 | ---- | C] () -- C:\Users\***\Pipi.PDF [2009.04.07 09:45:25 | 000,074,131 | ---- | C] () -- C:\Users\***\Betriebstagebuch KKA.PDF [2009.04.01 15:14:19 | 012,773,473 | ---- | C] () -- C:\Users\***\Sibelius Hilfe.pdf [2008.11.29 17:51:31 | 000,933,993 | ---- | C] () -- C:\Users\***\Wartungbericht KKA.PDF [2008.10.27 17:05:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.05.03 22:43:30 | 007,038,688 | ---- | C] () -- C:\Users\***\Gärtnergeburtstag 1200 dpi.TIF [2008.05.03 22:38:23 | 000,156,844 | ---- | C] () -- C:\Users\***\Foto Gärtnergeburtstag.JPG [2008.03.01 14:26:36 | 000,002,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdb.bin [2007.12.17 08:01:48 | 000,191,135 | ---- | C] () -- C:\Users\***\Wertbestätigung Hillienhoff.pdf [2007.12.17 07:44:39 | 000,129,771 | ---- | C] () -- C:\Users\***\Kto-Auszug Gehörschutz Hillienhoff.pdf [2007.10.11 16:25:31 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.10.11 13:54:53 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2007.10.11 13:16:32 | 000,035,328 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.10 12:21:17 | 000,217,088 | ---- | C] () -- C:\Users\***\Carcassonne der Fluss.pdf [2007.10.02 20:28:11 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 07.12.2012 13:08:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,15% Memory free
4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,26 Gb Total Space | 147,18 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 9,84 Gb Free Space | 48,04% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1547249388-2404132702-3966856301-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F5F701F-E92D-474B-8F0C-35A8AF7ECA8B}" = lport=137 | protocol=17 | dir=in | app=system | "{41CFA55A-046B-4F96-BC82-8C6E7AE857A6}" = lport=139 | protocol=6 | dir=in | app=system | "{5ABED9A0-544D-46DD-A19F-7BCD7CCCCE99}" = rport=445 | protocol=6 | dir=out | app=system | "{67ADC734-BA96-4395-9E32-A6036C5B5007}" = rport=139 | protocol=6 | dir=out | app=system | "{854D4D85-772B-40B3-9DFC-72B9BDCEC386}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | "{8FC92727-C33A-46E9-8D61-601DD4CC9C2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95D83A6B-0642-4D7B-A2B1-C891F4FE3B50}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B0EAFE93-610E-41DF-8025-4BE725C2DC49}" = lport=445 | protocol=6 | dir=in | app=system | "{B6023B8A-8C96-459A-B138-D8326F1DCF88}" = lport=138 | protocol=17 | dir=in | app=system | "{B95DA179-261B-4407-B86F-2F68AEC77868}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | "{D2FAC0CB-8951-42AB-8235-F62CBE2D579D}" = rport=138 | protocol=17 | dir=out | app=system | "{FDAB24C7-BC0D-484D-AA9B-DB831B8C9335}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{25671403-4E21-47A8-BA20-B3DAEC8BC609}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{34BB4721-0CFE-49F5-9952-3FDB83A4E038}" = protocol=17 | dir=in | app=c:\program files\microsoft 
office\office12\onenote.exe | "{4DB2B0D8-F1A0-4890-916B-3663FE00B6A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5C927F74-E00F-42ED-8863-09D717FEEDE9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{648E5DF7-827F-43EA-AAD5-E45ADBE9EAB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6976089E-E526-416B-90BC-C924C5FD06D6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{727B16D1-559C-48AF-B157-8BB8FA46ECBF}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{793B0D80-AEDE-46DF-BF42-4189EB7CC9CD}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{8EB97EC7-825E-4660-B14E-710DCE456694}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9E625C02-18C0-4641-9082-31108CF1BF4E}" = dir=in | app=c:\program files\itunes\itunes.exe | "{BDD7F61E-39A0-423A-859E-56DF3D5D8162}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{DBD7A662-9270-4BDE-A8DB-B48C8487AFBB}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{DF70E3E6-12D4-43FB-93D9-DD192FD18ABE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E3B35DC4-28BC-4EC0-B9EB-360AC8696D0E}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{EE586F66-FB2A-4C2F-A8CB-448C325265BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EE9E6D9D-4536-437D-8D33-3D1A97D13F13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F2463D2C-3D92-4FEA-88F8-0F0DCAAB84AD}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{F3450E37-7974-4D61-ACED-3421197D3D61}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media 
server\shells\remote ui service.exe | "TCP Query User{1588A1DB-E707-4266-9AE7-805A47ABC982}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{2802FD48-5671-4EA4-8030-EB3D75D1AA68}C:\program files\weq\gvdownloader\gvdownloader.ui.exe" = protocol=6 | dir=in | app=c:\program files\weq\gvdownloader\gvdownloader.ui.exe | "TCP Query User{C7A8E794-EA68-4551-8835-2220ABCCEEF3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{1633B637-36FF-4E35-B09C-BAD2EC7E8CD1}C:\program files\weq\gvdownloader\gvdownloader.ui.exe" = protocol=17 | dir=in | app=c:\program files\weq\gvdownloader\gvdownloader.ui.exe | "UDP Query User{8B1C7A1D-87DA-422E-BC7E-B91A9CF710CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{FF43616F-5C63-466E-AFDC-01E1BA4D19D2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8 "{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel® Viiv™ Software "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes "{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon Backup & Recovery™ 10 Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 
25 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{68BA90DE-424A-493E-B069-4EB33590C96C}" = Deaktivierungs-Add-on für Browser von Google Analytics "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75F1F185-CB03-451C-A6EF-F13A7AEBB355}" = PHOTOfunSTUDIO 8.0 SE "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0 "{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! 
ImageFolio 4 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E3FE83B-1A29-406C-80B3-E74CFB5CB1D2}" = capella reader 6.0 "{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager "{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software "{99D5EF59-CF6F-4030-901B-4DDDB7F99403}" = Presto! 
PageManager 7.10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6B5921C-E1C5-4592-B363-F7E616EA14D4}" = OpticFilm 7600i "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{BE6AC902-190B-49D7-8844-419F1E156426}" = GVDownloader "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon G.726 WMP-Decoder" = Canon 
G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "ContentaConverter-BASIC" = Contenta Converter BASIC "DPP" = Canon Utilities Digital Photo Professional 3.9 "EOS Utility" = Canon Utilities EOS Utility "FLV Player" = FLV Player 2.0 (build 25) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8 "Intel(R) Configuration Center" = Intel® Viiv™ Software "IPIX ActiveX Viewer" = IPIX ActiveX Viewer "IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer "IPIX Viewer" = IPIX Viewer "lgx4.lgx.server" = G DATA Logox4 Speechengine "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D) "NVIDIA Drivers" = NVIDIA Drivers "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor 
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0 "SaalDesignSoftware" = Saal Design Software "Sibelius Sounds Essentials" = Sibelius Sounds Essentials "SilverFast 8 x86" = SilverFast 8.0.0r1 (32bit) "SilverFast UScan-SE" = SilverFast UScan-SE 6.6.2r5 "SilverFast UScan-SE TWAIN" = SilverFast UScan-SE TWAIN 6.6.2r3 "WFTK" = Canon Utilities WFT Utility "WinDjView" = WinDjView 1.0.3 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.12.2012 06:14:25 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:14:25 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:14:25 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:14:25 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:15:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:15:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:15:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:15:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.12.2012 06:15:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 07.12.2012 03:01:20 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung NOTEPAD.EXE, Version 6.0.6001.18000, Zeitstempel 0x47918ea2, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x73fc74b2, Prozess-ID 0xb44, Anwendungsstartzeit 01cdd4489105cba2. 
[ OSession Events ] Error - 13.09.2011 06:15:28 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.09.2012 03:26:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 375 seconds with 360 seconds of active time. This session ended with a crash. Error - 24.09.2012 06:38:44 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 436 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.10.2012 03:24:30 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 92 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.10.2012 04:49:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 997 seconds with 60 seconds of active time. This session ended with a crash. Error - 10.10.2012 01:43:10 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 101 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.10.2012 02:19:28 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 145 seconds with 120 seconds of active time. This session ended with a crash. Error - 10.10.2012 16:26:41 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.11.2012 06:57:40 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1312 seconds with 300 seconds of active time. This session ended with a crash. Error - 13.11.2012 05:47:40 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1393 seconds with 1080 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 29.11.2012 14:59:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Error - 29.11.2012 15:00:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032 Description = Error - 29.11.2012 15:00:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Error - 04.12.2012 13:01:24 | Computer Name = ***-PC | Source = Print | ID = 6161 Description = Das Dokument CanoScan Toolbox Ver4.1.3 im Besitz von ***konnte nicht auf dem Drucker Canon iP4300 gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 1638400. Anzahl der gedruckten Bytes: 1096616. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 259. Es sind keine Daten mehr verfügbar. Error - 04.12.2012 16:33:17 | Computer Name = ***-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.12.2012 03:17:48 | Computer Name = ***-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Synaptics SMBus Driver" (PCI\VEN_8086&DEV_2930&SUBSYS_73581462&REV_02\3&2411e6fe&1&FB) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 06.12.2012 15:34:16 | Computer Name = ***-PC | Source = Print | ID = 6161 Description = Das Dokument CanoScan Toolbox Ver4.1.3 im Besitz von ***konnte nicht auf dem Drucker Canon iP4300 gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 1638400. Anzahl der gedruckten Bytes: 1096616. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\HILLIENHOFF-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 259. Es sind keine Daten mehr verfügbar. 
Error - 07.12.2012 03:02:30 | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description =
Error - 07.12.2012 03:02:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description =
Error - 07.12.2012 03:02:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description =
< End of report >

# AdwCleaner v2.011 - Datei am 07/12/2012 um 07:45:53 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Hillienhoff - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4633EBAD-C5D1-4698-9214-2D476625462B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E13D90A-7727-4C57-8251-C4E34BB2E749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3D37087-97C5-4310-ACDE-781270EFB7C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4633EBAD-C5D1-4698-9214-2D476625462B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Hillienhoff\AppData\Roaming\Mozilla\Firefox\Profiles\fvlfgruc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4786 octets] - [07/12/2012 07:45:53]

########## EOF - C:\AdwCleaner[S1].txt - [4846 octets] ##########

Thanks for the help, regards GunHill |
07.12.2012, 18:41 | #7 |
/// Helfer-Team | The cleanup consists of several steps that must be carried out. Work through them one after the other and paste the 3 logs created along the way into your next reply. If the OTL fix did not run through properly, do not continue, but report it. 1st step: Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (not anywhere else).
Replace the *** asterisks with your username again! Code:
:OTL
[2012.09.05 21:30:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.07 08:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.12.07 08:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.06.23 11:02:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never run it on other computers; it can do lasting damage to other systems! 2nd step: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper. Afterwards: 3rd step: Please download AdwCleaner to your desktop.
|
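Both the OTL fix script above and the result log OTL writes back are plain text, and the first thing a helper checks is whether every `:OTL` entry was actually moved. The Python below is an added example (not code from the thread, from OTL or from the forum): it splits a fix script into its sections, parses the `:OTL` file-listing format, flags script lines that still carry the forum's `***` redaction marker, and reconciles the script against a result log; the sample script and log are constructed from the lines posted in this thread, with one entry deliberately reported as not found.

```python
# Added example (not code from the thread, OTL or the forum): parse an OTL fix
# script and reconcile its :OTL entries with the result log OTL writes back.
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# File-listing line as OTL prints it:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C or M] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Result line as OTL writes it after the fix has run.
OTL_RESULT = re.compile(
    r"^(?:File\\Folder |File/Folder |File )?(?P<path>.+?)(?: folder)? "
    r"(?P<what>moved successfully|not found|deleted successfully)\.$"
)

@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # C: listed by creation date, M: by modification date
    company: str   # vendor string from the file's version info (empty here)
    path: str

def parse_script(script: str) -> Dict[str, List[str]]:
    """Split a fix script into sections keyed ':otl', ':files', ':commands'."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":") and " " not in line:
            current = line.lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one :OTL file-listing line; None if the line is not one."""
    m = OTL_ENTRY.match(line)
    if m is None:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    m["company"], m["path"])

def unresolved_placeholders(sections: Dict[str, List[str]],
                            marker: str = "***") -> List[str]:
    """Script lines still carrying the forum's *** redaction marker; OTL would
    look for a literal '***' directory, so these must be edited before fixing."""
    return [ln for lines in sections.values() for ln in lines if marker in ln]

def parse_result_log(log: str) -> Dict[str, str]:
    """Map each path (lower-cased, since NTFS ignores case) to its outcome."""
    outcomes: Dict[str, str] = {}
    for raw in log.splitlines():
        m = OTL_RESULT.match(raw.strip())
        if m is not None:
            outcomes[m["path"].lower()] = m["what"]
    return outcomes

def reconcile(sections: Dict[str, List[str]],
              outcomes: Dict[str, str]) -> Dict[str, str]:
    """Outcome of every :OTL entry; 'unreported' if the log never mentions it."""
    report: Dict[str, str] = {}
    for line in sections.get(":otl", []):
        entry = parse_entry(line)
        if entry is not None:
            report[entry.path] = outcomes.get(entry.path.lower(), "unreported")
    return report

# Constructed sample script: two :OTL entries, two :Files lines, one command.
SAMPLE_SCRIPT = r"""
:OTL
[2012.09.05 21:30:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.07 08:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
:Files
C:\ProgramData\*.exe
C:\Users\***\AppData\Local\Temp\*.exe
:Commands
[emptytemp]
"""
# Constructed result log in the shape OTL writes (one entry deliberately not found).
SAMPLE_LOG = r"""
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\Windows\Tasks\RegistryBooster.job not found.
File\Folder C:\ProgramData\*.exe not found.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\Desktop\cmd.bat deleted successfully.
"""
```

`reconcile(parse_script(SAMPLE_SCRIPT), parse_result_log(SAMPLE_LOG))` reports the `.pad` file as moved and the `.job` file as not found, and `unresolved_placeholders` lists the one `:Files` line that still contains `***`.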
08.12.2012, 00:47 | #8 |
| Hello t'john, I ran the OTL fix, but on restart the computer hung, so I switched it off and on again, and then it worked. The log file is this:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
C:\Windows\Tasks\DriverScanner.job moved successfully.
C:\ProgramData\loc_pyt_0_kroj.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\***.exe not found.
File\Folder C:\ProgramData\***.dll not found.
File\Folder C:\ProgramData\***.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\***\***.tmp not found.
File\Folder C:\Users\***\AppData\Local\Temp\***.exe not found.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 559654 bytes
->Temporary Internet Files folder emptied: 11024698 bytes
->FireFox cache emptied: 202909098 bytes
->Apple Safari cache emptied: 15221760 bytes
->Flash cache emptied: 58316 bytes
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9246 bytes
RecycleBin emptied: 4915 bytes
Total Files Cleaned = 219,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12082012_000959
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I had also replaced the * with the username; was that wrong? Sorry for the trouble and thanks for the help, GunHill. PS: Do I have to replace my name with ***? Or is that an optional "protection option"? |
09.12.2012, 11:43 | #9 | |
/// Helfer-Team | Quote:
I hope the username consists of your first and last name, so that it is at least worth it. Fix again properly, then steps 2 and 3. |
10.12.2012, 08:12 | #10 |
| Hello t'john, I did everything: 1. OTL
All processes killed
========== OTL ==========
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
File C:\Windows\tasks\RegistryBooster.job not found.
File C:\Windows\tasks\DriverScanner.job not found.
File C:\ProgramData\loc_pyt_0_kroj.pad not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\***\*.tmp not found.
File\Folder C:\Users\***\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 369869 bytes
->Temporary Internet Files folder emptied: 16971938 bytes
->FireFox cache emptied: 81209471 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58739 bytes
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526784 bytes
RecycleBin emptied: 92776217 bytes
Total Files Cleaned = 183,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12092012_230946
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

2. Malwarebytes Anti-Rootkit found nothing; I could not start the cleanup process.

3. AdwCleaner:
# AdwCleaner v2.100 - Datei am 10/12/2012 um 07:19:26 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ***- ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\SweetIM

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fvlfgruc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4915 octets] - [07/12/2012 07:45:53]
AdwCleaner[S2].txt - [929 octets] - [10/12/2012 07:19:26]

########## EOF - C:\AdwCleaner[S2].txt - [988 octets] ##########
|
10.12.2012, 13:44 | #11 |
/// Helfer-Team | Very good! How is the computer running? Malware scan with Emsisoft Anti-Malware: Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via Update now. Select the freeware mode. Select Detail Scan and start the check of the computer via the Scan button. At the end of the scan, do not let it delete anything! Save the log file to the desktop via Save report and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
11.12.2012, 07:18 | #12 |
| Good morning t'john, in principle the computer runs well; sometimes booting takes very long, the mouse sometimes moves across the desktop on its own, and now and then the computer starts making noise, so it is doing something I do not know about (surely it is sometimes also Defender or Avira ...). Here is the log from Emsisoft:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 10.12.2012 23:02:55
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 10.12.2012 23:03:43
Key: hkey_users\s-1-5-21-1547249388-2404132702-3966856301-1000\software\microsoft\windows\currentversion\ext\stats\{fe063db1-4ec0-403e-8dd8-394c54984b2c} gefunden: Trace.Registry.AskTBar (A)
Key: hkey_users\s-1-5-21-1547249388-2404132702-3966856301-1000\software\microsoft\windows\currentversion\ext\stats\{fe063db9-4ec0-403e-8dd8-394c54984b2c} gefunden: Trace.Registry.AskTBar (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblerb.class gefunden: Exploit.Java.CVE.S (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblerf.class gefunden: Exploit.Java.CVE.Q (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblera.class gefunden: Exploit.Java.CVE.P (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblerc.class gefunden: Exploit.Java.CVE.S (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblerd.class gefunden: Exploit.Java.CVE.V (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5522117a.qua -> (Quarantine-8) -> ramblera/ramblere.class gefunden: Java.Exploit.CVE-2012-4681.D (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55eb5c5b.qua -> (Quarantine-8) -> (INFECTED_JS) gefunden: PDF:Exploit.PDF-JS.HN (B)
Gescannt 549700
Gefunden 9
Scan Ende: 11.12.2012 01:25:48
Scan Zeit: 2:22:05
Thanks and regards from GunHill |
11.12.2012, 16:53 | #13 |
/// Helfer-Team | Very good! Have the findings moved to quarantine, then: Uninstall: Emsisoft Anti-Malware. ESET Online Scanner. Preparation
|
12.12.2012, 07:15 | #14 |
| Hello t'john, everything worked. But the computer took a very long time to boot. Here is the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6b30aef2cd11c749a2e5dceb2f58eb2f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-12 12:09:46
# local_time=2012-12-12 01:09:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 52910 220694276 0 0
# compatibility_mode=5892 16776573 100 100 63259 192803714 0 0
# scanned=11793
# found=0
# cleaned=0
# scan_time=394
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6b30aef2cd11c749a2e5dceb2f58eb2f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-12 02:33:28
# local_time=2012-12-12 03:33:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 61532 220702898 54302 0
# compatibility_mode=5892 16776573 100 100 75481 192812336 0 0
# scanned=299651
# found=0
# cleaned=0
# scan_time=8552
Have a nice day and thanks, GunHill |
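The post above contains two scanner runs back to back, the first ended with end=stopped and only the second finished. As an added example (not code from the thread or from ESET), this parser reads the "# key=value" summary the ESET Online Scanner writes, splits it into runs, attaches the update error line to the run it precedes, and treats only a finished run with found=0 as clean; the sample log is constructed from the two runs in the post.

```python
# Added example (not from the thread): parse the "# key=value" summary that
# ESET Online Scanner writes, split it into runs, and flag incomplete ones.
# Constructed sample from the post: run 1 stopped early, run 2 finished after an error line.
SAMPLE_LOG = """\
# version=8
# end=stopped
# scanned=11793
# found=0
# cleaned=0
# scan_time=394
esets_scanner_update returned -1 esets_gle=53251
# version=8
# end=finished
# scanned=299651
# found=0
# cleaned=0
# scan_time=8552
"""

INT_KEYS = {"scanned", "found", "cleaned", "scan_time"}

def parse_eset_runs(text):
    """Return one dict per run; a run starts at its '# version=' line."""
    runs, pending_errors, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":           # new run; attach errors seen before it
                current = {"errors": pending_errors}
                pending_errors = []
                runs.append(current)
            if current is not None:
                current[key] = int(value) if key in INT_KEYS else value
        elif "returned -1" in line:        # scanner/update failure, not a header
            pending_errors.append(line)
    return runs

def triage(runs):
    """One verdict per run: only a finished run with found=0 counts as clean."""
    verdicts = []
    for i, run in enumerate(runs, 1):
        if run.get("end") != "finished":
            verdicts.append(f"run {i}: incomplete ({run.get('end')}), not usable")
        elif run.get("found", 0):
            verdicts.append(f"run {i}: {run['found']} found, {run['cleaned']} cleaned")
        else:
            verdicts.append(f"run {i}: clean, {run['scanned']} objects in {run['scan_time']}s")
    return verdicts
```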
13.12.2012, 18:15 | #15 |
/// Helper Team | Update Java. Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck. Disable Java. Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards post (copy and paste) what you get shown here: PluginCheck |