
Log Analysis and Evaluation: GUV-Trojaner


 
10.10.2012, 20:29   #1
Alva_

GUV-Trojaner

Dear helpers,
unfortunately I have infected my computer with the GUV-Trojaner described here.
Since one is not supposed to follow the steps blindly, here is a new thread for it.
First I ran Defogger.
I had already downloaded OTL from another computer and ran it, but I cannot even manage to post the resulting text files as attachments, so here they are inline.
Thanks in advance in case someone can rescue me.

OTL logfile created on: 10.10.2012 19:48:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 84,07% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 19,59 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
Drive F: | 3,77 Gb Total Space | 2,75 Gb Free Space | 73,00% Space Free | Partition Type: FAT

Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WiselinkPro) -- C:\Programme\Samsung\PC Auto Backup\WiselinkPro.exe (Samsung)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE292
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.05 14:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.05 14:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.27 19:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003..\Run: [wuyb.exe] C:\Users\***\AppData\Roaming\Ycdenu\wuyb.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://sb-frankfurt.e-learning.cc/content/bitmedia/de/wd04bg/awlm/awswax.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00757275-7F72-47C3-903B-8C7A8BBB314A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7E7BF23-EF8C-4403-B976-1A3661F93B96}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f62d853-be00-11e1-9dc2-0013779ac033}\Shell - "" = AutoRun
O33 - MountPoints2\{5f62d853-be00-11e1-9dc2-0013779ac033}\Shell\AutoRun\command - "" = G:\iLinker.exe
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\instDX\command - "" = E:\directX\dxsetup.exe
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.10 19:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.10 19:47:08 | 000,000,000 | ---D | C] -- C:\OTL
[2012.10.10 13:15:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.09 21:23:50 | 000,000,000 | ---D | C] -- C:\User\***\Desktop\Alte Firefox-Daten
[2012.10.09 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IObit
[2012.10.09 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Snap Toolbar Removal Tool
[2012.10.09 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.10.07 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.10.07 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.06 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ytegq
[2012.10.06 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\***
[2012.10.03 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dpdhl.versandhelfer
[2012.10.03 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.10.02 20:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.29 20:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F5FB7147142D06680000F5FB70520CD0
[2012.09.28 15:10:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.27 19:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.09.27 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.27 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.27 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.22 10:18:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 10:18:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 10:18:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 10:18:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 10:18:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 10:18:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 10:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 10:18:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008.07.26 21:29:01 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Johanna\AppData\Local\cmdial32.dll
[1 C:\Users\Johanna\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.10 19:48:22 | 000,684,920 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 19:48:22 | 000,642,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 19:48:22 | 000,149,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 19:48:22 | 000,121,176 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 19:44:38 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.10 19:35:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 19:18:20 | 000,000,710 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012.10.10 19:18:16 | 000,000,710 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012.10.10 19:18:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 19:18:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:18:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 14:23:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.10 13:22:28 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.10 13:15:17 | 000,000,760 | ---- | M] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.10 13:15:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.09 21:25:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.09 20:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 20:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 13:58:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 13:58:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 16:30:05 | 000,001,191 | ---- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.03 11:21:46 | 000,000,838 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.03 11:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.02 20:21:19 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.30 10:41:45 | 000,025,600 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.28 18:48:49 | 000,003,385 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2012.09.27 19:45:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Users\Johanna\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.10 19:44:38 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.10 13:15:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.10 13:15:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.10.07 17:12:18 | 000,000,710 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012.10.07 17:11:58 | 000,000,710 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012.10.03 11:21:46 | 000,000,838 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.02 20:21:19 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.27 19:45:57 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.27 19:45:57 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 20:13:54 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011.07.28 22:18:17 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.02.21 18:48:45 | 000,064,544 | ---- | C] () -- C:\Users\***\ESt2010_***_***.elfo
[2011.02.02 18:36:54 | 000,001,318 | ---- | C] () -- C:\Users\***\Bildbestellung.html
[2011.01.16 17:51:07 | 000,528,810 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2011.01.04 17:41:54 | 000,006,926 | ---- | C] () -- C:\Users\***\xx.elfo
[2011.01.04 17:09:36 | 000,006,914 | ---- | C] () -- C:\Users\***\Neuer Versuch.elfo
[2011.01.04 15:57:49 | 000,006,947 | ---- | C] () -- C:\Users\***\xy.elfo
[2010.12.29 17:42:56 | 000,006,936 | ---- | C] () -- C:\Users\***a\neu.elfo
[2010.02.03 11:29:38 | 000,079,656 | ---- | C] () -- C:\Users\***\Steuererklärung 2009.elfo
[2009.11.21 12:33:59 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2008.11.17 21:06:40 | 001,272,767 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.07.27 17:43:03 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.05.15 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.03 11:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dpdhl.versandhelfer
[2012.10.07 16:30:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.05.18 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.28 14:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.10.09 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.04.09 19:17:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.18 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.10.07 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.19 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.06.20 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.10.09 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ycdenu
[2012.10.09 21:03:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ytegq

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10.10.2012 19:48:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 84,07% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 19,59 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
Drive F: | 3,77 Gb Total Space | 2,75 Gb Free Space | 73,00% Space Free | Partition Type: FAT

Computer Name: JOHANNA-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F8AFF-4DB4-42A2-963C-CFD7241A81F6}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe |
"{02F1B898-FAD2-48D0-A23A-DCF8E4FC33B0}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe |
"{3DCDB1C0-1626-445F-98C1-6C3EF1D859A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45D37703-D9A4-4240-A611-2EC125D6EB5D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{93AF3ADA-24D0-46D2-B0DE-9EA5ED1E066D}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{9A61B122-8FF4-469C-9AF3-187C75EE8D97}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{A2B79F90-F99C-4244-B65D-7F04A987156C}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{AD160868-3849-41EA-845A-165ADC241E8B}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{F1096425-1F70-46DA-A4A2-164CDE6A47BC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{130E3ABB-4092-4D75-AAE2-242912396E12}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{323883A4-BC79-47F9-845A-1EE380D38F6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59434B0B-7A12-491A-AFC8-046C87D97339}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{6EF1125B-8A25-41EC-A085-45603AEA1BFA}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe |
"TCP Query User{85411E5F-A34B-4068-91A7-472345B70179}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{89FD3B1F-F05E-4571-8ACB-295970AB2FE5}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe |
"TCP Query User{8FB9B96C-941F-4966-A597-D58AAD11942D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{92BEACB7-EF3C-4309-A39A-4BF3D19C1C7A}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{C2BF57B3-DFFD-4B41-9FB7-876B77F994CD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C52B0703-73D3-4355-BB4F-397A2A447B7B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{CE797456-0134-4977-884A-116772B9CED0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{125869F3-7255-430A-BF4D-5F63063D15C2}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{1DDACD49-39B7-4C23-A84F-88A7CB5E51CF}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{20F6C3F5-F8AB-4AFF-83DD-749A06AB125B}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe |
"UDP Query User{739FFC34-CB9E-4760-A68C-95285D903C6A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{74A55798-9103-49A9-BC1D-A2176DF4BC0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A1C39BFF-5476-4BD2-918F-54B4E6E182E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AB5C633B-D9AF-406D-8165-F19D156D5AB1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B6B4B208-363F-4D60-8B3B-1C4141C4E739}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CDA9DF7F-DAFD-4DC8-B5B0-60DA1F8BDCE7}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe |
"UDP Query User{E9A2A45C-A9F1-4EDE-B470-23608AEF67CC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{FEB964E3-44EA-4827-89E9-5580AB282073}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082DF5B7-6572-6B88-F9F3-E1A41707F4A7}" = CCC Help Czech
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0EE315C8-0081-8B6B-12AF-D26BBF275A82}" = CCC Help Korean
"{10F29C04-6DFA-65AD-B5AA-744255B4D7C8}" = CCC Help Polish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{287A32EF-A420-6596-ADDA-A9DE9A897796}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE84E70-5E53-C8B0-F423-C6494B4FEBED}" = CCC Help German
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EB709B5-0355-B855-8CC0-00821C49DA8B}" = Catalyst Control Center Localization Dutch
"{2F00CF0D-C670-9BD6-51FD-8DD1A0A42E37}" = Catalyst Control Center Localization Czech
"{2F2BB2EC-8494-3C43-6ABF-FEF5C05F3DA6}" = Catalyst Control Center Localization Polish
"{313EAEC4-F4E1-31B9-4F38-107FF621B31F}" = CCC Help Turkish
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E64DF2-8426-C9E0-2829-5485AB959225}" = Catalyst Control Center Core Implementation
"{3345B08C-5CAF-AF8C-301C-1B159BB51556}" = Catalyst Control Center Localization Japanese
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C25440D-FBA4-A668-D088-26842B689ADB}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DFAF6BC-4FE2-5B0D-1C9B-F2055968277B}" = Catalyst Control Center Localization German
"{3FFE6A7B-13B9-494C-29D7-EB46E9E6646C}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{436B50D2-4CA3-A53D-00CF-482A886A1524}" = CCC Help Finnish
"{46623DE3-FDA8-2141-C951-1A2DFA420D03}" = Skins
"{480F7F23-279B-96A4-FAD2-7014D36B79C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56682EAB-48F1-7187-4F48-1FF9645A1D07}" = Catalyst Control Center Localization Finnish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E031BFC-0827-26D4-FDD3-B8D68472DAE1}" = Catalyst Control Center Localization Portuguese
"{5F29B192-AE83-2636-747D-C5D83E79E8FE}" = Catalyst Control Center Localization Chinese Traditional
"{5FE21275-8D6C-CD0F-5B36-394636C0D264}" = CCC Help Thai
"{6001A55E-2A00-C407-67DB-DCFB3E0CD6F2}" = Catalyst Control Center Graphics Previews Vista
"{6290211A-CB26-FD7E-F214-21B15A5F7C87}" = Catalyst Control Center Localization Korean
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681C334E-6E93-84BF-E371-26109B7BF8B8}" = Catalyst Control Center Localization Italian
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B898739-AE0B-574E-9E7F-DCC7907372A0}" = CCC Help English
"{6B991234-EB5B-4FB3-5873-3946854F0850}" = Catalyst Control Center Localization Hungarian
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79538CDE-83AC-0264-3125-145F33D63B88}" = Catalyst Control Center Graphics Light
"{7A00BF8A-A7E5-D3E0-B17F-06BC5AEC48F6}" = CCC Help Japanese
"{7D97029D-B047-F3A1-D6C0-BFF3647AC943}" = Catalyst Control Center Localization French
"{87009005-9492-1307-F01A-25C1554F4F32}" = ccc-core-static
"{87824C5E-2830-63FC-177E-05E16F55F596}" = CCC Help Swedish
"{8E8FFB67-9316-F95E-969F-402722568272}" = CCC Help Italian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{961DC9E8-DDAF-6271-AD0A-689909295476}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A413023B-583C-4BDD-A639-346B1579DC01}" = Catalyst Control Center Localization Thai
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A54A1F3D-E2E0-C9F9-8112-8F0C5A6B06E0}" = Catalyst Control Center Localization Swedish
"{A5C67209-3FC7-A6FF-F7FB-079586F223CC}" = Catalyst Control Center Localization Danish
"{A7A27439-E5CD-AF54-FD49-8A08354D5122}" = Catalyst Control Center Localization Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AD92E291-E249-4AAD-C8FF-BAF0FC7AFE9C}" = CCC Help Greek
"{B15C935A-8944-937D-6FA4-D69BEFFEA643}" = CCC Help Spanish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7263C56-AED3-3D55-918C-E0BAFCCBF0C7}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB219FC1-008E-7D0D-91A0-CAE6D03DAC8C}" = Catalyst Control Center Localization Norwegian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C550F812-14C4-23F5-F369-6761A9C0E864}" = CCC Help Dutch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CAED2BFB-E4D5-D367-7179-D09E73C85938}" = Catalyst Control Center Localization Greek
"{CAF81DB8-F5DC-DF09-18A6-DD61635305E8}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D4186013-EE74-7570-17D3-38BC3632D51A}" = CCC Help Norwegian
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9CE4019-982E-BF95-18CE-5EBB5D75D939}" = Catalyst Control Center Graphics Full New
"{DDD45306-E4F0-D309-447F-7B1A0F6F9CAB}" = Catalyst Control Center Localization Spanish
"{E28201F3-2C09-FCD1-6934-84A3A9E4F0BF}" = CCC Help Danish
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A7EE8F-94F0-374C-E4F2-B7CDDE56ECA8}" = Catalyst Control Center Graphics Full Existing
"{F790AD19-127F-9BD7-2655-13E3DA0D7BC2}" = ccc-utility
"{FC20E3FB-60DB-8CFB-4649-CB2F2092F6B2}" = CCC Help Hungarian
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"7-Zip" = 7-Zip 9.21beta
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CDex" = CDex extraction audio
"Diablo" = Diablo
"ElsterFormular ***unknown variable buildnummer***" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Heroes of Might and Magic II" = Heroes of Might and Magic II
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vokabeltrainer für Windows_is1" = Vokabeltrainer für Windows Version 1.51

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.10.2012 09:11:53 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:12:45 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:12:46 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 15.0.1.4631, time stamp
0x5047f9c5, faulting module xul.dll, version 15.0.1.4631, time stamp 0x5047f93b,
exception code 0xc0000005, fault offset 0x0010e567, process id 0x1610, application start time
01cda61f755b6f25.

Error - 09.10.2012 09:13:37 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:34:49 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 09.10.2012 15:19:38 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 15:25:29 | Computer Name = ***a-PC | Source = EventSystem | ID = 4621
Description =

Error - 10.10.2012 07:21:04 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp
0x503723f6, faulting module USER32.dll, version 6.0.6002.18541, time stamp
0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x13cc,
application start time 01cda6d953997d2f.

Error - 10.10.2012 07:24:14 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.10.2012 13:36:15 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 07.02.2009 14:45:26 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.02.2009 18:22:32 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 130
seconds with 120 seconds of active time. This session ended with a crash.

Error - 27.02.2009 18:23:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.10.2012 07:25:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.10.2012 07:42:21 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 07:45:03 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:35:53 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:18:47 on 10.10.2012 was unexpected.

Error - 10.10.2012 13:36:05 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:36:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:36:42 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:37:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.10.2012 13:37:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.10.2012 13:59:31 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =


< End of report >
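An added example, not part of the original post and not OTL's own code: a small Python parser for the "Shell Spawning" and "LOP Check" sections of an OTL Extras log in the layout posted above. It automates the two checks a log reviewer does first on a screen-locker case: whether the handlers for executable file types still match the Windows defaults (a redirected `exefile [open]` runs in front of every program the user starts), and which AppData\Roaming folders are not from a recognised vendor, ordered by how recently they changed before the scan. The sample log is constructed for the demo; its redirected exefile handler and the `Xyzq\lock.exe` path are invented and do not appear in the posted log, and the vendor allowlist is an assumption made here, not something OTL provides.

```python
import re
from datetime import datetime

# Windows defaults for the handlers that screen-locker malware most often
# redirects; anything else here runs in front of every program the user starts.
DEFAULT_HANDLERS = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Vendor folders a reviewer recognises under AppData\Roaming. This allowlist is
# an assumption made for the example; OTL itself has no such list.
KNOWN_ROAMING_DIRS = {"Amazon", "IrfanView", "Thunderbird", "elsterformular",
                      "DVDVideoSoft", "Mozilla", "Microsoft"}

# Constructed sample in OTL Extras layout. The redirected exefile handler is
# invented for the demo and does NOT appear in the log posted above.
SAMPLE_LOG = r"""OTL Extras logfile created on: 10.10.2012 19:48:38 - Run 1

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\Users\user\AppData\Roaming\Xyzq\lock.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== LOP Check ==========

[2010.05.15 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2012.06.18 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock
[2012.10.09 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ycdenu
[2012.10.09 21:03:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ytegq

========== Purity Check ==========
"""

HEADER_RE = re.compile(r"^========== (.+?) ==========$")
CREATED_RE = re.compile(r"logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})")
# "<key> [<verb>] -- <command> (<company>)"; the company suffix is optional.
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")
# "[<modified> | <size> | ---D | M] -- <path>" as printed in the LOP Check.
LOP_RE = re.compile(r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ---D \| M\] -- (.+)$")


def parse_sections(text):
    """Split an OTL log into {section name: [lines]} and return the scan time with it."""
    sections, current, created = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = CREATED_RE.search(line)
        if m:
            created = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        h = HEADER_RE.match(line)
        if h:
            current = h.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return created, sections


def check_shell_spawning(lines):
    """Return (key, verb, command) for every default handler that was changed."""
    found = {}
    for line in lines:
        m = SHELL_RE.match(line)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return [(k, v, found[(k, v)]) for (k, v), default in DEFAULT_HANDLERS.items()
            if (k, v) in found and found[(k, v)] != default]


def check_lop(lines, created, known=KNOWN_ROAMING_DIRS):
    """Return [(days before scan, path)] for Roaming dirs not in the allowlist, newest first."""
    hits = []
    for line in lines:
        m = LOP_RE.match(line)
        if not m:
            continue
        modified = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        path = m.group(2)
        if path.rsplit("\\", 1)[-1] not in known:
            hits.append(((created - modified).days, path))
    return sorted(hits)


def review(text):
    """Run both checks over one OTL Extras log and return the findings."""
    created, sections = parse_sections(text)
    if created is None:
        raise ValueError("no 'logfile created on' line found")
    return {
        "shell_hijacks": check_shell_spawning(sections.get("Shell Spawning", [])),
        "lop_unknown": check_lop(sections.get("LOP Check", []), created),
    }


if __name__ == "__main__":
    findings = review(SAMPLE_LOG)
    for key, verb, cmd in findings["shell_hijacks"]:
        print(f"[!] {key} [{verb}] handler is not the default: {cmd}")
    for age, path in findings["lop_unknown"]:
        print(f"[?] unknown Roaming dir, modified {age} day(s) before scan: {path}")
```

Run against a real OTL Extras log by passing its text to `review()`. A non-default `exefile [open]` is the finding to act on first; the unknown-folder list is only a ranking for the reviewer, since a legitimate program that is simply missing from the allowlist lands there too, so extend `KNOWN_ROAMING_DIRS` with the vendors you know before trusting the output.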

 
