Pests of all kinds and how to fight them: GVU virus, computer is locked! Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
20.09.2012, 12:23 | #1
GVU virus, computer is locked! Hello, unfortunately I have picked up the GVU Bundespolizei virus. Today a message appeared saying that I had committed a criminal offence and should pay money. I tried twice to restart the system, but nothing, this window keeps appearing and cannot be closed. My computer is locked and I am currently backing up important files via Safe Mode. My system is Windows Vista. I am now online from another computer and don't know what to do next... It would be very kind of you if you could help me, because unfortunately I have no clue, I am an absolute computer layman ;-) Thanks in advance! Kind regards
20.09.2012, 14:29 | #2
Malware-holic | GVU virus, computer is locked! hi
Restart, press F8, choose Safe Mode with Networking, and log in to your account. Internet should work. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
20.09.2012, 22:22 | #3
GVU virus, computer is locked! Many thanks for the quick reply!
I restarted the computer in Safe Mode, the internet works, but OTL cannot be downloaded on my computer. I tried it on my roommates' computer and there it works. Can that be? So I can't get past this step... Could you help me once more? Thanks, thanks, thanks for a reply! Kind regards. Hello, so, I did a System Restore and was then also able to download OTL, with this result: OTL Logfile:
Code:
Toolbar) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.09.20 22:55:39 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} [2012.08.22 01:53:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.03.03 12:17:01 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.31 01:15:07 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\crossriderapp5060@crossrider.com [2011.03.30 11:37:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\engine@conduit.com [2012.03.26 22:25:10 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\gamesbar@oberon-media.com [2012.08.04 11:56:46 | 000,021,674 | ---- | M] () (No name found) -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\extensions\addon@defaulttab.com.xpi [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\searchplugins\conduit.xml [2012.03.26 23:48:50 | 000,001,416 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\searchplugins\search-here.xml [2012.09.12 16:00:02 | 000,002,455 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\searchplugins\Web Search.xml [2012.03.27 07:33:31 | 000,000,000 | ---D | M] (No name found) -- 
C:\Program Files\Mozilla Firefox\extensions [2012.01.15 01:23:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.27 07:33:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.03.27 07:33:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.27 07:33:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.27 07:33:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.27 07:33:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.26 22:24:35 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober21606965.xml [2012.03.27 07:33:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.27 07:33:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll (215 Apps) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - No CLSID value found. O3 - HKU\S-1-5-21-2920262169-2024615745-2752391784-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2920262169-2024615745-2752391784-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\S-1-5-21-2920262169-2024615745-2752391784-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07F7458A-E836-4261-A008-EB6E359DD9DB}: DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE6B839-F4EB-4A41-9FC2-784F3546C375}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97304B73-8422-470A-A2B1-D1CD9BBBC24A}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97304B73-8422-470A-A2B1-D1CD9BBBC24A}: NameServer = 139.7.30.125,139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0ECDE9A-419A-49D6-9A7F-77D0FA4926C8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD67216B-02DF-4550-B8F1-E4D395E494CA}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/x-mrml {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx (YAMAHA CORPORATION) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\Isabell\Pictures\Theater\Theater 2012\Die Wiederspenstige\bild0261.JPG O24 - Desktop BackupWallPaper: C:\Users\Isabell\Pictures\Theater\Theater 2012\Die Wiederspenstige\bild0261.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{025de9cb-5f95-11e1-a304-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{025de9cb-5f95-11e1-a304-002219f2e700}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{025de9d8-5f95-11e1-a304-001e101f1ed9}\Shell - "" = AutoRun O33 - MountPoints2\{025de9d8-5f95-11e1-a304-001e101f1ed9}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{08db1f14-a0a8-11df-a54f-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{08db1f14-a0a8-11df-a54f-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4ecf1f5f-3da7-11e0-b66b-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{4ecf1f5f-3da7-11e0-b66b-002219f2e700}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4ecf1f91-3da7-11e0-b66b-001e101f859f}\Shell - "" = AutoRun O33 - MountPoints2\{4ecf1f91-3da7-11e0-b66b-001e101f859f}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{5e75bce1-b600-11e0-9808-001e101f50a4}\Shell - "" = AutoRun O33 - MountPoints2\{5e75bce1-b600-11e0-9808-001e101f50a4}\Shell\AutoRun\command - "" = 
H:\AutoRun.exe O33 - MountPoints2\{733371b0-6552-11e1-a9d5-001e101f2b52}\Shell - "" = AutoRun O33 - MountPoints2\{733371b0-6552-11e1-a9d5-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78b25794-b0f2-11df-8bc5-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{78b25794-b0f2-11df-8bc5-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7f37d69c-3d9d-11e0-9ae1-001e101f7fb6}\Shell - "" = AutoRun O33 - MountPoints2\{7f37d69c-3d9d-11e0-9ae1-001e101f7fb6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{9058fb99-9d82-11df-ba5b-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{9058fb99-9d82-11df-ba5b-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b177aadc-aa1c-11df-a077-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{b177aadc-aa1c-11df-a077-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b177aae8-aa1c-11df-a077-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{b177aae8-aa1c-11df-a077-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b91b6cae-c7cf-11df-ae57-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b91b6cae-c7cf-11df-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE /AUTORUN O33 - MountPoints2\{b91b6cae-c7cf-11df-ae57-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{b91b6cae-c7cf-11df-ae57-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{be014e5e-3e51-11e0-ae57-001e101f2b52}\Shell - "" = AutoRun O33 - MountPoints2\{be014e5e-3e51-11e0-ae57-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c898d9d9-7493-11e1-b0bd-001e101f4e71}\Shell - "" = AutoRun O33 - MountPoints2\{c898d9d9-7493-11e1-b0bd-001e101f4e71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ec8db1f3-9e52-11df-b968-002219f2e700}\Shell - "" = AutoRun O33 - 
MountPoints2\{ec8db1f3-9e52-11df-b968-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ec8db201-9e52-11df-b968-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{ec8db201-9e52-11df-b968-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{efbd42c1-9ff2-11df-bf9f-002219f2e700}\Shell - "" = AutoRun O33 - MountPoints2\{efbd42c1-9ff2-11df-bf9f-002219f2e700}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{58B12E97-793A-F637-B23E-58F04A6A6ADD} - Java (Sun) ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not 
found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.21 13:07:41 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe [2012.09.15 15:22:30 | 000,000,000 | ---D | C] -- C:\Users\Isabell\Documents\attachment-Dateien [2012.09.13 03:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.13 03:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.12 15:54:10 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.12 15:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.09.12 15:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.09.12 15:53:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.09.12 15:53:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.12 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\OpenCandy [2012.09.12 03:40:22 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Zuloip [2012.09.12 03:40:22 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Gyki [2012.09.12 03:40:22 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Editv [2012.09.07 15:31:57 | 000,000,000 | R--D | C] -- C:\Users\Isabell\AppData\Roaming\Brother [2012.08.29 01:29:24 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Tixuad [2012.08.29 01:29:24 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Hefelo [2012.08.29 01:29:24 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Egpi ========== Files - Modified Within 30 Days ========== [2012.09.21 13:07:50 | 000,600,576 | 
---- | M] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe [2012.09.21 13:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job [2012.09.21 12:56:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.21 12:56:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.21 12:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.21 12:55:40 | 3215,835,136 | -HS- | M] () -- C:\hiberfil.sys [2012.09.21 00:55:11 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.20 23:13:16 | 000,007,512 | ---- | M] () -- C:\Users\Isabell\AppData\Local\d3d9caps.dat [2012.09.18 01:20:30 | 000,032,722 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\wklnhst.dat [2012.09.16 21:54:18 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.16 21:54:18 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.16 21:54:18 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.16 21:54:18 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.15 15:22:30 | 000,000,886 | ---- | M] () -- C:\Users\Isabell\Documents\attachment.htm [2012.09.13 23:14:57 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl [2012.09.13 15:01:35 | 001,774,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.13 03:01:50 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.12 15:58:49 | 000,001,153 | ---- | M] () -- C:\Users\Isabell\Desktop\Free YouTube to MP3 Converter.lnk [2012.09.12 15:54:06 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.09.12 15:54:06 | 000,001,827 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.09.12 15:52:45 | 000,002,045 | ---- | M] () -- C:\Users\Isabell\Desktop\Free Video to 
MP3 Converter.lnk ========== Files Created - No Company Name ========== [2012.09.21 12:55:36 | 3215,835,136 | -HS- | C] () -- C:\hiberfil.sys [2012.09.20 11:07:04 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.15 15:22:30 | 000,000,886 | ---- | C] () -- C:\Users\Isabell\Documents\attachment.htm [2012.09.13 23:14:57 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2012.09.12 15:54:06 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.09.12 15:54:06 | 000,001,827 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.09.12 15:54:05 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.09.12 15:52:45 | 000,002,045 | ---- | C] () -- C:\Users\Isabell\Desktop\Free Video to MP3 Converter.lnk [2011.10.15 11:47:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.15 11:47:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.02.11 08:28:29 | 000,007,512 | ---- | C] () -- C:\Users\Isabell\AppData\Local\d3d9caps.dat [2011.01.09 16:21:27 | 000,000,036 | ---- | C] () -- C:\Windows\eprint.INI [2010.12.23 22:47:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.20 21:41:52 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.11.20 21:41:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.09.24 13:31:05 | 000,008,192 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\user52.rdb [2010.09.24 13:19:27 | 000,000,060 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\sversion.ini [2010.09.24 13:16:42 | 000,036,864 | ---- | C] () -- C:\Windows\uinst001.exe [2009.07.29 00:38:16 | 000,032,722 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\wklnhst.dat [2009.06.24 23:05:50 | 000,102,400 | ---- | C] () -- C:\Users\Isabell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2012.01.09 09:37:18 | 000,213,224 | 
---- | M] () -- C:\Users\Isabell\AppData\LocalLow\PriceGong\Data\l.xml [2012.01.09 09:37:40 | 000,131,392 | ---- | M] () -- C:\Users\Isabell\AppData\LocalLow\PriceGong\Data\n.xml [2012.01.09 09:38:56 | 000,079,200 | ---- | M] () -- C:\Users\Isabell\AppData\LocalLow\PriceGong\Data\u.xml [2012.09.13 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Dropbox\l [2012.09.13 23:11:52 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Dropbox\installer\l [2012.09.13 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Dropbox\shellext\l [2009.12.01 22:19:32 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7KGXAMT\wbads.vo.llnwd.net\o25\u [2011.01.01 20:58:24 | 000,000,000 | ---D | M] -- C:\Users\Isabell\Music\Mucke\Leonard Cohen\L. Cohen 1994 Cohen Live - Leonard Cohen In Concert [2005.06.07 23:59:24 | 000,625,729 | ---- | M] () -- C:\Users\Isabell\Pictures\Darsteller\Romy Schneider 2\Romy\l.jpg [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2009.12.30 18:56:23 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Amazon [2010.09.24 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\DAEMON Tools Pro [2012.06.15 23:23:32 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Desktopicon [2011.01.09 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\diginet [2012.09.13 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Dropbox [2012.09.12 16:00:40 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\DVDVideoSoft [2011.03.30 11:37:39 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.13 01:59:56 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Editv [2012.08.31 00:27:57 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Egpi [2012.02.29 01:56:13 | 
000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Ehunq [2012.02.29 01:56:13 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Elevb [2012.03.26 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\GamesBar [2012.02.29 03:04:17 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Guoszy [2012.09.12 03:40:22 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Gyki [2012.08.29 01:29:43 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Hefelo [2012.03.09 03:17:10 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Nafi [2012.03.27 07:31:45 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Okva [2012.09.12 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\OpenCandy [2011.07.03 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\PCDr [2009.07.29 00:38:18 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Template [2012.08.29 01:29:24 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Tixuad [2009.07.29 02:10:52 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Toolbars [2012.09.12 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\TuneUp Software [2012.02.18 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Ucugab [2012.03.09 03:18:10 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Uvyv [2010.08.01 17:53:49 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Vodafone [2012.09.13 12:39:27 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Zuloip ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
Thanks again, ... at least the computer is working again for now. Do I need to take further steps to remove the virus completely? Kind regards

Extras.Txt (OTL EXTRAS logfile):
[ AVer AutoUpdate Events ] Error - 07.09.2012 04:17:25 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 07.09.2012 04:17:49 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 07.09.2012 04:18:11 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 07.09.2012 04:18:33 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 07.09.2012 04:18:55 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 07.09.2012 04:19:17 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 12.09.2012 19:50:52 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 13.09.2012 14:10:21 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 13.09.2012 14:10:43 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = Error - 13.09.2012 14:11:05 | Computer Name = Isi_Schleppix | Source = AVerUpdate Server | ID = 0 Description = [ System Events ] Error - 21.09.2012 06:47:43 | Computer Name = Isi_Schleppix | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. 
Error - 21.09.2012 06:48:46 | Computer Name = Isi_Schleppix | Source = DCOM | ID = 10005 Description = Error - 21.09.2012 06:48:57 | Computer Name = Isi_Schleppix | Source = DCOM | ID = 10005 Description = Error - 21.09.2012 06:48:59 | Computer Name = Isi_Schleppix | Source = DCOM | ID = 10005 Description = Error - 21.09.2012 06:49:38 | Computer Name = Isi_Schleppix | Source = Service Control Manager | ID = 7001 Description = Error - 21.09.2012 06:49:38 | Computer Name = Isi_Schleppix | Source = Service Control Manager | ID = 7026 Description = Error - 21.09.2012 06:52:21 | Computer Name = Isi_Schleppix | Source = DCOM | ID = 10005 Description = Error - 21.09.2012 06:57:19 | Computer Name = Isi_Schleppix | Source = Service Control Manager | ID = 7000 Description = Error - 21.09.2012 06:57:19 | Computer Name = Isi_Schleppix | Source = Service Control Manager | ID = 7009 Description = Error - 21.09.2012 06:57:19 | Computer Name = Isi_Schleppix | Source = Service Control Manager | ID = 7000 Description = [ TuneUp Events ] Error - 12.09.2012 19:50:26 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 13.09.2012 09:01:51 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 16.09.2012 15:34:00 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 17.09.2012 17:43:43 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 18.09.2012 16:02:42 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 19.09.2012 17:17:55 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 20.09.2012 05:09:52 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 20.09.2012 06:48:16 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 20.09.2012 16:50:01 | 
Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 20.09.2012 18:54:26 | Computer Name = Isi_Schleppix | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
21.09.2012, 16:44 | #4 |
/// Malware-holic | GVU Virus, computer is locked! Does it say anything here about a system restore? I don't see that I wrote anything about that. Do you want to end up damaging your PC even more by running random actions? If you want to work on your own, you're welcome to; let me know and I can use my time more sensibly... ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
21.09.2012, 17:44 | #5 |
| GVU Virus, computer is locked! OK, I admit that wasn't particularly clever of me! I have now run ComboFix. ComboFix log file: Code:
ATTFilter ComboFix 12-09-20.03 - Isabell 21.09.2012 18:23:32.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1712 [GMT 2:00] ausgeführt von:: c:\users\Isabell\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-21 bis 2012-09-21 )))))))))))))))))))))))))))))) . . 2012-09-21 16:32 . 2012-09-21 16:32 -------- d-----w- c:\users\Isabell\AppData\Local\temp 2012-09-21 16:32 . 2012-09-21 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-13 01:01 . 2012-09-13 01:01 -------- d-----w- c:\program files\Common Files\Skype 2012-09-12 13:54 . 2012-05-29 11:09 31584 ----a-w- c:\windows\system32\TURegOpt.exe 2012-09-12 13:53 . 2012-09-12 13:54 -------- d-----w- c:\program files\TuneUp Utilities 2012 2012-09-12 13:53 . 2012-09-12 13:53 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-09-12 13:53 . 2012-09-12 13:53 -------- d--h--w- c:\programdata\Common Files 2012-09-12 13:52 . 2012-09-12 13:58 -------- d-----w- c:\users\Isabell\AppData\Roaming\OpenCandy 2012-09-12 01:40 . 2012-09-13 10:39 -------- d-----w- c:\users\Isabell\AppData\Roaming\Zuloip 2012-09-12 01:40 . 2012-09-12 23:59 -------- d-----w- c:\users\Isabell\AppData\Roaming\Editv 2012-09-07 13:31 . 2012-09-07 13:31 -------- d-----r- c:\users\Isabell\AppData\Roaming\Brother 2012-08-28 23:29 . 2012-08-30 22:27 -------- d-----w- c:\users\Isabell\AppData\Roaming\Egpi 2012-08-28 23:29 . 2012-08-28 23:29 -------- d-----w- c:\users\Isabell\AppData\Roaming\Hefelo . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 16:04 . 2012-08-01 00:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-18 16:04 . 
2012-08-01 00:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-18 16:04 . 2012-08-01 00:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-04 14:02 . 2012-08-16 01:04 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-29 08:44 . 2012-08-01 00:13 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D846BC7-8C91-4520-BA3E-AF41F2F25567}\mpengine.dll 2012-06-29 00:16 . 2012-08-16 01:05 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09 . 2012-08-16 01:05 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08 . 2012-08-16 01:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 01:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 01:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-03-27 05:33 . 2011-06-12 12:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-01-21 220744] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] . c:\users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-06-11 14:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun "SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" -bootmode "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickSet"=c:\program files\Dell\QuickSet\QuickSet.exe "WinampAgent"=c:\program files\Winamp\winampa.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 "SO5 Integrator Pass Two"=c:\windows\SOINTGR.EXE "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-09-21 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=97b956fc-8f67-4dde-aaf0-2498e61b1d71&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE: Free YouTube Download - c:\users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{97304B73-8422-470A-A2B1-D1CD9BBBC24A}: NameServer = 139.7.30.125,139.7.30.126 FF - ProfilePath - c:\users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=97b956fc-8f67-4dde-aaf0-2498e61b1d71&affid=111585&searchtype=ds&babsrc=lnkry&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-21 18:32 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,f9,e0,1f,44,09,06,4d,a1,4a,38,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,f9,e0,1f,44,09,06,4d,a1,4a,38,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-09-21 18:34:58 ComboFix-quarantined-files.txt 2012-09-21 16:34 ComboFix2.txt 2012-09-21 16:09 . Vor Suchlauf: 4.141.322.240 Bytes frei Nach Suchlauf: 4.451.024.896 Bytes frei . - - End Of File - - 8E35E717E9C6284553D472885B226314 I would be glad to hear more from you!
Kind regards |
21.09.2012, 18:49 | #6 |
/// Malware-holic | GVU Virus, computer is locked! Hi. Start > Programs > Accessories > Editor (Notepad), paste in: Code:
Killall::
folder::
c:\users\Isabell\AppData\Roaming\Zuloip
c:\users\Isabell\AppData\Roaming\Editv
c:\users\Isabell\AppData\Roaming\Egpi
c:\users\Isabell\AppData\Roaming\Hefelo
Save file as. Location: the folder where combofix.exe is; file type: all files; name: cfscript.txt. Switch off all active programs again. Drag cfscript.txt onto ComboFix; the program starts. Please post the new log.
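Reading the ComboFix log posted above and turning the suspicious folders into the cfscript.txt from the reply after it, as an added example that is not part of the thread or of ComboFix itself: a small Python parser for the "Dateien erstellt" section, a heuristic that flags freshly created, randomly named folders sitting directly under AppData\Roaming, and a generator for the Killall::/folder:: block. The vendor allowlist and the name pattern are assumptions an analyst would tune per case; the sample log lines are constructed in the layout of the thread's log.

```python
"""Parse the "Dateien erstellt" section of a ComboFix log, flag recently
created, randomly named folders under AppData\\Roaming and emit the
matching cfscript.txt block. Added example, not ComboFix code."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample lines in the layout of the log posted in the thread:
# created . modified  size  attributes  path
SAMPLE_LOG = r"""
2012-09-21 16:32 . 2012-09-21 16:32 -------- d-----w- c:\users\Isabell\AppData\Local\temp
2012-09-12 13:54 . 2012-05-29 11:09 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-12 13:53 . 2012-09-12 13:54 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-09-12 13:52 . 2012-09-12 13:58 -------- d-----w- c:\users\Isabell\AppData\Roaming\OpenCandy
2012-09-12 01:40 . 2012-09-13 10:39 -------- d-----w- c:\users\Isabell\AppData\Roaming\Zuloip
2012-09-12 01:40 . 2012-09-12 23:59 -------- d-----w- c:\users\Isabell\AppData\Roaming\Editv
2012-09-07 13:31 . 2012-09-07 13:31 -------- d-----r- c:\users\Isabell\AppData\Roaming\Brother
2012-08-28 23:29 . 2012-08-30 22:27 -------- d-----w- c:\users\Isabell\AppData\Roaming\Egpi
2012-08-28 23:29 . 2012-08-28 23:29 -------- d-----w- c:\users\Isabell\AppData\Roaming\Hefelo
"""

# One log entry: two timestamps, a size (or "--------" for folders),
# an 8-character attribute field whose first character is "d" for folders.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+([d-][-a-z]{7})\s+(.+?)\s*$")

# Assumption: folder names that legitimately live under AppData\Roaming on
# this machine (lower-cased); extend per case.
KNOWN_VENDOR_DIRS = {"microsoft", "mozilla", "adobe", "skype", "apple",
                     "macromedia", "brother", "opencandy", "dvdvideosoftiehelpers"}

# Assumption: the dropped folders in the thread have short, pronounceable,
# title-case names (Zuloip, Editv, Egpi, Hefelo). This pattern approximates
# that; it is a triage heuristic, not a signature.
RANDOM_NAME = re.compile(r"^[A-Z][a-z]{3,7}$")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for folders (shown as "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_combofix_created(text: str) -> List[Entry]:
    """Return the entries of a "Dateien erstellt" section; headers, the
    single-dot spacer lines and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path))
    return entries


def roaming_leaf(path: str) -> Optional[str]:
    """Name of a folder that sits directly under ...\\AppData\\Roaming,
    or None for anything deeper or elsewhere."""
    parts = path.split("\\")
    for i in range(len(parts) - 2):
        if parts[i].lower() == "appdata" and parts[i + 1].lower() == "roaming":
            return parts[i + 2] if len(parts) == i + 3 else None
    return None


def suspicious_roaming_dirs(entries: List[Entry], reference: datetime,
                            window_days: int = 30) -> List[str]:
    """Folders created within the window, directly under AppData\\Roaming,
    not on the allowlist and matching the random-name pattern."""
    cutoff = reference - timedelta(days=window_days)
    hits = []
    for e in entries:
        leaf = roaming_leaf(e.path) if e.is_dir else None
        if leaf is None or leaf.lower() in KNOWN_VENDOR_DIRS:
            continue
        if e.created < cutoff or not RANDOM_NAME.match(leaf):
            continue
        hits.append(e.path)
    return hits


def build_cfscript(folders: List[str]) -> str:
    """cfscript.txt content in the directive form used in the thread:
    Killall:: stops running programs, folder:: lists folders to remove."""
    return "Killall::\nfolder::\n" + "".join(f + "\n" for f in folders)


if __name__ == "__main__":
    found = suspicious_roaming_dirs(parse_combofix_created(SAMPLE_LOG),
                                    datetime(2012, 9, 21))
    print(build_cfscript(found))
```

Anything the heuristic flags still needs an analyst's eye before it goes into a script; a legitimate folder with a short name would be listed just the same.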
21.09.2012, 23:04 | #7 |
| GVU Virus, computer is locked! ComboFix log file: Code:
ATTFilter ComboFix 12-09-20.03 - Isabell 21.09.2012 23:33:42.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1894 [GMT 2:00] ausgeführt von:: c:\users\Isabell\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Isabell\Desktop\cfscript.txt AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi c:\users\Isabell\AppData\Roaming\Editv c:\users\Isabell\AppData\Roaming\Zuloip . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-21 bis 2012-09-21 )))))))))))))))))))))))))))))) . . 2012-09-21 21:41 . 2012-09-21 21:44 -------- d-----w- c:\users\Isabell\AppData\Local\temp 2012-09-21 21:41 . 2012-09-21 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-13 01:01 . 2012-09-13 01:01 -------- d-----w- c:\program files\Common Files\Skype 2012-09-12 13:54 . 2012-05-29 11:09 31584 ----a-w- c:\windows\system32\TURegOpt.exe 2012-09-12 13:53 . 2012-09-12 13:54 -------- d-----w- c:\program files\TuneUp Utilities 2012 2012-09-12 13:53 . 2012-09-12 13:53 -------- d--h--w- c:\programdata\Common Files 2012-09-12 13:52 . 2012-09-12 13:58 -------- d-----w- c:\users\Isabell\AppData\Roaming\OpenCandy 2012-09-07 13:31 . 2012-09-07 13:31 -------- d-----r- c:\users\Isabell\AppData\Roaming\Brother 2012-08-28 23:29 . 2012-08-30 22:27 -------- d-----w- c:\users\Isabell\AppData\Roaming\Egpi 2012-08-28 23:29 . 2012-08-28 23:29 -------- d-----w- c:\users\Isabell\AppData\Roaming\Hefelo . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 16:04 . 2012-08-01 00:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-18 16:04 . 2012-08-01 00:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-18 16:04 . 2012-08-01 00:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-04 14:02 . 2012-08-16 01:04 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-29 08:44 . 2012-08-01 00:13 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D846BC7-8C91-4520-BA3E-AF41F2F25567}\mpengine.dll 2012-06-29 00:16 . 2012-08-16 01:05 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09 . 2012-08-16 01:05 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08 . 2012-08-16 01:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 01:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 01:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-03-27 05:33 . 2011-06-12 12:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . 
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-01-21 220744] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] . c:\users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-06-11 14:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun "SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" -bootmode "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickSet"=c:\program files\Dell\QuickSet\QuickSet.exe "WinampAgent"=c:\program files\Winamp\winampa.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 "SO5 Integrator Pass Two"=c:\windows\SOINTGR.EXE "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-09-21 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=97b956fc-8f67-4dde-aaf0-2498e61b1d71&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Free YouTube Download - c:\users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{97304B73-8422-470A-A2B1-D1CD9BBBC24A}: NameServer = 139.7.30.125,139.7.30.126
FF - ProfilePath - c:\users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\fktkgogk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=97b956fc-8f67-4dde-aaf0-2498e61b1d71&affid=111585&searchtype=ds&babsrc=lnkry&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-21 23:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,f9,e0,1f,44,09,06,4d,a1,4a,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,f9,e0,1f,44,09,06,4d,a1,4a,38,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\DatacardService\HWDeviceService.exe
c:\windows\system32\lxbvcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-21 23:52:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-21 21:52
ComboFix2.txt 2012-09-21 16:34
ComboFix3.txt 2012-09-21 16:09
.
Vor Suchlauf: 5.117.513.728 Bytes frei
Nach Suchlauf: 4.987.375.616 Bytes frei
.
- - End Of File - - F669A6F12518959CA865B8284225EDCD
I hope it helped! And for today I'll just say: |
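As an added example (not part of the thread or of ComboFix), a small Python triage helper for the browser section of a log like the one above: it flags Firefox user.js prefs that switch off security warnings and search/keyword URLs whose host differs from the configured homepage, which is exactly the pattern the posted log shows. The sample lines are constructed from the posted entries; the list of warning prefs and their "default true" reading are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the posted log ("hxxp" is the log's defanged scheme).
SAMPLE_LOG = """\
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
"""

# Assumption: these default to true in Firefox versions of the log's era; a user.js
# forcing them to false was written by something other than the user.
WARNING_PREFS = {"security.warn_viewing_mixed", "security.warn_viewing_mixed.show_once",
                 "security.warn_submit_insecure", "security.warn_submit_insecure.show_once"}
SEARCH_KEYS = {"uSearchAssistant", "browser.search.defaulturl", "keyword.URL"}  # where typed searches go
FF_LINE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*?)\s*$")

def host_of(value):
    # Host of a URL or bare hostname; re-fangs the log's hxxp scheme first.
    value = value.strip().replace("hxxp", "http", 1)
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""

def triage(log_text):
    # Return human-readable findings for the browser section of a ComboFix-style log.
    findings, search_hosts, homepage = [], [], ""
    for line in log_text.splitlines():
        m = FF_LINE.match(line)
        if m:
            src, key, val = m.groups()
            if src == "user" and key in WARNING_PREFS and val == "false":
                findings.append(f"user.js disables {key}")
            elif src == "user" and key == "network.cookie.cookieBehavior" and val == "0":
                findings.append("user.js forces cookieBehavior=0 (accept all cookies)")
            elif key == "browser.startup.homepage":
                homepage = host_of(val)
            elif key in SEARCH_KEYS:
                search_hosts.append((key, host_of(val)))
        elif " = " in line:  # IE-style "key = value" entries
            key, val = line.split(" = ", 1)
            if key in SEARCH_KEYS:
                search_hosts.append((key, host_of(val)))
    for key, host in search_hosts:
        if homepage and host != homepage:
            findings.append(f"{key} sends searches to {host}, not to homepage {homepage}")
    return findings
```

Run `triage(SAMPLE_LOG)` to see the six findings for the sample; on a real log, a clean profile yields an empty list.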
22.09.2012, 18:10 | #8 |
/// Malware-holic | GVU virus, computer is locked! Very good. Do you use the PC for online banking, shopping, other payment transactions, or anything similarly important, such as work?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
22.09.2012, 23:24 | #9 |
| GVU virus, computer is locked! Hi Markus, I don't use it for online banking, but for purchases on Amazon and for my job applications. Many thanks for the help... even if I'm now saying it for the (how many?) 5th time! Best |
24.09.2012, 17:16 | #10 |
/// Malware-holic | GVU virus, computer is locked! Hi, you have the Zbot trojan. Since it steals sensitive data, we will set the system up from scratch. The PC has to be reinstalled and then secured.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. Then I'll say something about securing online banking with a chip card reader + Star Money.