
Pests of all kinds and how to fight them: "This program cannot display the webpage"


 
29.09.2012, 17:06   #1
jules-rulez
 



Hello Trojaner-Board team!

Today it got me too.

Maybe you could take a look at this.
Many thanks,
Julian

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.29.03

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
JL :: JL-PC [Administrator]

29.09.2012 16:56:24
mbam-log-2012-09-29 (17-26-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188513
Laufzeit: 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|erqsdahajfiidle (Trojan.Winlock) -> Daten: C:\ProgramData\erqsdaha.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\erqsdaha.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.
C:\Users\JL\ms.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.

(Ende)


OTL.txt
Quote:
OTL logfile created on: 9/29/2012 5:25:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JL\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.80% Memory free
5.99 Gb Paging File | 5.21 Gb Available in Paging File | 87.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.87 Gb Total Space | 62.74 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
Drive D: | 181.12 Gb Total Space | 117.88 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive E: | 438.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JL-PC | User Name: JL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 17:19:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JL\Desktop\OTL.exe
PRC - [2012/09/10 22:19:41 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/23 16:28:27 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/05/23 17:15:25 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 20:35:26 | 001,101,960 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/10 22:19:41 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 23:08:41 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/09/10 22:19:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/23 17:15:25 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/16 16:26:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011/12/16 16:26:22 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV - [2012/09/29 16:56:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/10/28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/07 15:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/17 05:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/06/01 10:06:36 | 000,013,312 | -H-- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE462DE462
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 21:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 21:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 22:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/18 16:30:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 22:19:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/18 16:30:37 | 000,000,000 | ---D | M]

[2011/12/14 23:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JL\AppData\Roaming\mozilla\Extensions
[2012/09/20 06:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JL\AppData\Roaming\mozilla\Firefox\Profiles\cqq0ywbf.default\extensions
[2012/09/20 06:53:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\JL\AppData\Roaming\mozilla\Firefox\Profiles\cqq0ywbf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/09/16 20:55:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\JL\AppData\Roaming\mozilla\Firefox\Profiles\cqq0ywbf.default\extensions\ich@maltegoetz.de
[2012/07/25 13:40:59 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\JL\AppData\Roaming\mozilla\firefox\profiles\cqq0ywbf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/30 01:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/09/10 22:19:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/19 17:34:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/10 22:19:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/19 17:34:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/19 17:34:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 17:34:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 17:34:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [erqsdahajfiidle] C:\ProgramData\erqsdaha.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E366DA8A-EC55-4CAC-9A1B-0C76A4645162}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E488A3F8-AA57-4C15-89A8-1BAD2C257857}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/02/01 03:53:50 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d656d49-cf3a-11e1-a1e4-002454240c57}\Shell - "" = AutoRun
O33 - MountPoints2\{2d656d49-cf3a-11e1-a1e4-002454240c57}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cda814d1-ac1a-11df-b5fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cda814d1-ac1a-11df-b5fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\runthis.exe index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 17:19:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JL\Desktop\OTL.exe
[2012/09/29 16:53:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/29 16:53:08 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Local\ElevatedDiagnostics
[2012/09/29 16:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\lmwarlnmjertohv
[2012/09/25 18:00:07 | 000,000,000 | ---D | C] -- C:\Users\JL\Desktop\Projekte
[2012/09/25 17:37:49 | 000,000,000 | ---D | C] -- C:\Users\JL\bluej
[2012/09/25 16:28:52 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
[2012/09/25 16:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\BlueJ
[2012/09/24 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\JL\Documents\Klett
[2012/09/24 22:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett
[2012/09/24 22:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Klett
[2012/09/18 16:58:43 | 000,000,000 | ---D | C] -- C:\Users\JL\greenfoot
[2012/09/18 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\JL\Desktop\Buchszenarien
[2012/09/18 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
[2012/09/18 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Greenfoot
[2012/09/18 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/10 21:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/06 23:43:57 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Roaming\Ad-Aware Antivirus

========== Files - Modified Within 30 Days ==========

[2012/09/29 17:19:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JL\Desktop\OTL.exe
[2012/09/29 16:56:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/29 16:53:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/29 16:40:06 | 000,000,384 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2012/09/29 16:39:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/29 16:39:30 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/29 16:30:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 16:30:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 16:23:32 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/29 16:23:08 | 000,432,328 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/29 16:21:09 | 000,076,349 | ---- | M] () -- C:\ProgramData\gmsxywljxriyjyn
[2012/09/29 16:21:02 | 000,072,704 | ---- | M] () -- C:\Users\JL\ms.exe
[2012/09/29 16:21:02 | 000,072,704 | ---- | M] () -- C:\ProgramData\erqsdaha.exe
[2012/09/29 16:20:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/29 13:38:53 | 096,052,554 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/09/28 14:46:10 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2012/09/28 14:46:10 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2012/09/27 16:11:54 | 008,688,724 | ---- | M] () -- C:\Users\JL\Desktop\up the coast 128.avi
[2012/09/27 06:16:13 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/26 18:03:08 | 000,095,042 | ---- | M] () -- C:\Users\JL\Desktop\kinderturnenangeraeten_sprung.pdf
[2012/09/26 17:29:08 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/26 17:29:08 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/26 17:29:08 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/26 17:29:08 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/26 17:26:48 | 007,352,437 | ---- | M] () -- C:\Users\JL\Desktop\GT-I9100_UM_T-Mobile_Icecream_Ger_Rev.1.2_120621_Screen.pdf
[2012/09/24 22:00:24 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Klett Software Sicher ins Abitur.lnk
[2012/09/18 16:55:49 | 003,132,911 | ---- | M] () -- C:\Users\JL\Desktop\Pearson Anmeldung.pdf
[2012/09/18 16:38:27 | 000,001,887 | ---- | M] () -- C:\Users\JL\Desktop\Greenfoot.lnk
[2012/09/11 06:52:35 | 000,000,660 | ---- | M] () -- C:\Users\JL\Documents\11.09.2012.binc
[2012/09/10 21:23:44 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/29 16:53:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/29 16:24:22 | 000,000,384 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2012/09/29 16:21:08 | 000,072,704 | ---- | C] () -- C:\ProgramData\erqsdaha.exe
[2012/09/29 16:21:02 | 000,076,349 | ---- | C] () -- C:\ProgramData\gmsxywljxriyjyn
[2012/09/29 16:21:02 | 000,072,704 | ---- | C] () -- C:\Users\JL\ms.exe
[2012/09/27 16:11:41 | 008,688,724 | ---- | C] () -- C:\Users\JL\Desktop\up the coast 128.avi
[2012/09/27 15:25:35 | 008,217,333 | ---- | C] () -- C:\Users\JL\Desktop\Up the coast 128.mpg
[2012/09/27 06:16:13 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/26 18:03:08 | 000,095,042 | ---- | C] () -- C:\Users\JL\Desktop\kinderturnenangeraeten_sprung.pdf
[2012/09/26 17:20:43 | 007,352,437 | ---- | C] () -- C:\Users\JL\Desktop\GT-I9100_UM_T-Mobile_Icecream_Ger_Rev.1.2_120621_Screen.pdf
[2012/09/24 22:00:24 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Klett Software Sicher ins Abitur.lnk
[2012/09/18 16:55:49 | 003,132,911 | ---- | C] () -- C:\Users\JL\Desktop\Pearson Anmeldung.pdf
[2012/09/18 16:38:27 | 000,001,887 | ---- | C] () -- C:\Users\JL\Desktop\Greenfoot.lnk
[2012/09/11 06:50:30 | 000,000,660 | ---- | C] () -- C:\Users\JL\Documents\11.09.2012.binc
[2012/07/16 15:03:40 | 000,069,632 | ---- | C] () -- C:\windows\UNINSTCC.EXE
[2012/07/11 15:04:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\sagqftrnyizfeub
[2012/05/29 16:24:21 | 000,000,448 | ---- | C] () -- C:\ProgramData\sjgnfttnnizfrub
[2012/05/22 14:06:54 | 000,003,584 | ---- | C] () -- C:\Users\JL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 00:45:56 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/01/12 00:09:59 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2012/01/06 12:37:06 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2012/01/06 12:37:06 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2012/01/05 00:31:31 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2012/01/05 00:31:28 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2012/01/05 00:31:28 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2012/01/05 00:31:27 | 000,079,360 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/08/24 13:25:05 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/14 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ACD Systems
[2012/09/06 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Ad-Aware Antivirus
[2012/06/17 23:52:21 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Amazon
[2012/01/06 12:31:29 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\AVG2012
[2012/07/16 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\DAEMON Tools Lite
[2012/09/23 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Dropbox
[2012/04/02 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\OpenCandy
[2012/01/18 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\OpenOffice.org
[2012/01/12 00:10:01 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\pdfforge
[2012/04/02 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\rockbox.org
[2012/01/15 15:43:01 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Samsung

========== Purity Check ==========



< End of report >
gmer.txt

Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-29 17:59:28
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: lvzuz5mw.exe; Driver: C:\Users\JL\AppData\Local\Temp\pxldypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwRollbackTransaction + 13ED 824888A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 824A82F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[728] USER32.dll!CharToOemA + 3A 75DFB1DE 7 Bytes JMP 6BE8DF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[728] USER32.dll!AdjustWindowRectEx + 117 75E0660F 7 Bytes JMP 6BE8DEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[728] USER32.dll!GetWindowInfo 75E06A82 5 Bytes JMP 6BCD4536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[728] USER32.dll!MenuItemFromPoint + F 75E24B36 7 Bytes JMP 6BCD4B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1096] ntdll.dll!wcsncmp + 33B 7792F420 7 Bytes JMP 6BB80C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1096] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 760CC057 7 Bytes JMP 6BDB7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1096] kernel32.dll!CloseHandle + 38 760D058F 7 Bytes JMP 6BDB7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1096] kernel32.dll!GetExitCodeProcess + 2C 760D30DD 7 Bytes JMP 6BB83FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1096] GDI32.dll!GetViewportOrgEx + 21C 77A285EB 7 Bytes JMP 6BDB7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
extras.txt
Quote:
OTL Extras logfile created on: 9/29/2012 5:25:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JL\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.80% Memory free
5.99 Gb Paging File | 5.21 Gb Available in Paging File | 87.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.87 Gb Total Space | 62.74 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
Drive D: | 181.12 Gb Total Space | 117.88 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive E: | 438.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JL-PC | User Name: JL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A0B2E91-B5C8-4045-B752-C0BBC28090CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A7FF64B-2BE8-47D1-9743-F5D96ABC6C68}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F456C1C-1CA0-47D3-A869-9603A25DF9B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BCFDDF6-FC05-4639-9E7C-5C34957A878C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F18A845-FFCB-4755-8B42-D418C3434430}" = lport=2869 | protocol=6 | dir=in | app=system |
"{420489BD-FD1E-4DA4-86DD-4B2BE222068A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4759BC94-352E-400C-A45A-F514D12D2F01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78964069-7C18-4B3B-8C34-6208729D6793}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C1F32D-217A-4F6C-B33F-195FAA1EB18E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86AF0534-6E4B-47C4-ABDC-B4C61FF6F7F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AEF0DBC-05A0-44AB-B457-68284007382D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9971411C-E6E3-450A-A44A-10B514D7C5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{A22907AB-7453-4837-9F6F-9E25674800B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADC48194-FEE5-4402-B10E-30607ABE82FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B03C7827-C091-4FC2-B1BD-FAF8895DC148}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B59C8CB8-CE34-47BF-8421-CC1717157BF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B70F18EF-68E2-4960-AFF2-8A6502FD94B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD246E4B-5ED8-4D40-ADA6-C961E957F33C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C8AE4CDE-D485-44E3-9071-ABDB73AEA5E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1EC582F-0AF0-4E38-91E1-83EBA94AA892}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6CDF8C3-66F6-422A-A6B5-F7A3303B6C3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB0DE181-F4E6-4276-A68B-4EDC64203ACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E273E01B-B3F3-438E-9530-87E6081BAE3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E45D5BDC-7CF9-4038-95EC-5F669FBCC80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC7ED0D0-1BE1-4F11-89CD-6E17AC3871F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06165D28-D894-4689-B797-FE1130E53623}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{0DAD0CD1-B8EC-46B1-ACD3-ACEC95B87D85}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{0FFF658A-21FB-47A9-A31E-40A709BA1B11}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{108041B6-B484-49C2-B7D4-794C7726CD5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{11F53623-2C52-43E4-8C63-8C115C9D3AEE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1ABD902A-5CDA-473B-924B-41610AED3EAD}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{2718AD5D-4C6A-44DD-B1E3-9CB547F6BF99}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3015872E-A3C6-4712-866E-E773A620C547}" = protocol=6 | dir=in | app=c:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe |
"{32B1A1B3-FEEC-46BB-A596-A984F4E7DC62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{343EC973-6823-4C9F-874E-57806958B3ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3843C96F-812F-43EA-9CDE-B5EA17E41306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A55F709-788C-4E23-BEA0-9BB88144CF15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EA9D0D4-1EB1-4E12-A668-4945597BD2A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{687B0F87-298B-4EAA-B9B2-07D3801D05FB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{6BB2469C-E9F6-414F-BB39-06A9B321E417}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7D07CA63-3398-4FD0-9E4E-C40B4167CC5A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{849839BA-2845-4DB3-8E9D-07DD8C5DCA87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87A7A084-2653-4215-AFC6-B26DD07D878F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8C1813D3-CD0F-42A4-B6E4-BC5519F13663}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{963F3C47-0616-488E-B5E7-7FCC92BCFD2F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9832B6FB-D42C-4F54-B2DB-1BDF560D2C1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98B56D76-5C57-4277-9348-220A467A7EA6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{9D1C220A-9811-48F8-B858-F29087AA8969}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{A7275256-D37D-461B-B00F-9BBCBB568937}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF5D0343-E779-4F0F-8933-E6B54C02E5CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7A2BB4F-9970-4620-AA85-5A4B2B0E5236}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{B840F0D9-E710-4B45-B1A3-8C4F9B153BBB}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{B8C1B872-C7B6-443F-9A95-A87C6A918248}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBD235C5-EFBB-46DD-82B8-DE68C56C39D7}" = protocol=6 | dir=out | app=system |
"{D5248030-A3B5-45E2-A813-9BBCC95AE525}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E13F8931-58ED-4097-8565-38D594957FBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E3FDB03A-5CDD-47CA-A277-144B4C2734DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAE90CDD-D327-41C2-9C3C-D57FE5675E36}" = protocol=17 | dir=in | app=c:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe |
"{EC294D22-B6E7-42FB-B6C9-5886843E4218}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F18979FA-7E42-4E75-AEE1-8A4D260A7B7F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F3B1C6B3-C398-4CA1-99F6-FC90098EB87B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAA5B226-886B-497E-B865-07156426A9F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"TCP Query User{0B5ED49B-2F5E-47B0-9D33-3E9001727BD9}C:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3FAB2B83-58EE-42B9-8575-F1E4C2D0E807}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"TCP Query User{3FDC48E1-06A3-42E6-B0DE-4C418013881A}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"TCP Query User{48CD3D69-42E4-404E-9CC6-887A9E5587D9}C:\program files\greenfoot\greenfoot.exe" = protocol=6 | dir=in | app=c:\program files\greenfoot\greenfoot.exe |
"TCP Query User{4BBEC911-74CB-4F23-A53A-55428C91DC59}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{05A79E95-6C7F-4728-B3C5-D6960AAB6BC4}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"UDP Query User{54EA8CFA-49B8-49B6-8B50-D81C03B78C06}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{55DAEB55-9304-469E-83FE-FB3BC726FBC5}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A58FA649-104F-4A6B-B390-D90915382ED7}C:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jl\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AF4574E4-7570-4416-836B-F8B8B3D20575}C:\program files\greenfoot\greenfoot.exe" = protocol=17 | dir=in | app=c:\program files\greenfoot\greenfoot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}" = Greenfoot
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG" = AVG 2012
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX-Setup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"Klett Software Sicher ins Abitur" = Klett Software Sicher ins Abitur
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2012 3:56:14 PM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/6/2012 10:27:38 AM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/7/2012 1:32:12 AM | Computer Name = JL-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.3.9556.500 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 144 Startzeit:
01cd8b9e9328a56a Endzeit: 72 Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin

Berichts-ID:
530d810b-f8ad-11e1-8e3c-002454240c57

Error - 9/7/2012 8:31:56 AM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/8/2012 9:45:22 AM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/9/2012 5:02:38 PM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/9/2012 5:54:22 PM | Computer Name = JL-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 9/9/2012 5:54:47 PM | Computer Name = JL-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 9/10/2012 3:43:30 PM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/11/2012 8:57:39 AM | Computer Name = JL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 7/29/2012 10:57:16 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 7/29/2012 10:57:25 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 8/5/2012 3:35:18 PM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 8/5/2012 3:35:32 PM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 8/7/2012 6:26:19 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 8/7/2012 6:26:26 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 8/7/2012 5:13:40 PM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 8/7/2012 5:13:46 PM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 8/8/2012 10:09:05 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 8/8/2012 10:09:11 AM | Computer Name = JL-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.


< End of report >

 
