| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Facebook Account - ZahlungsaufforderungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.10.2012, 15:50
| #1 |
 |  Facebook Account - Zahlungsaufforderung Hallo, habe seit gestern keinerlei Chance mehr mein FB-Profil zu nutzen, geschweige denn auszuloggen. Ich hab ne Meldung, die ich nicht wegklicken kann, wo mich auffordert 10 Cent zu überweisen. Habe dei Meldung als Screenshot angehängt. Auch startet mein Virenproggi nimmer richtig und der TaskManager geht auch noch kaum auf. Bin sehr auf eure Hilfe angewiesen, weiss ja noch nich mal ob das ein Virus oder Trojaner ist. |
|
22.10.2012, 15:54
| #2 |
| /// Malware-holic   | Facebook Account - Zahlungsaufforderung hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
22.10.2012, 17:04
| #3 |
| | Facebook Account - Zahlungsaufforderung so, der Suchlauf ist beendet und hier ist das Ergebnis:
__________________Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 22.10.2012 17:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Die Hönigs\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 56,42% Memory free
3,75 Gb Paging File | 2,96 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 26,10 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 68,08 Gb Free Space | 97,26% Space Free | Partition Type: NTFS
Drive E: | 407,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DIEHÖNIGS-PC | User Name: Die Hönigs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C9FBAC-FFCB-4186-9BD2-C27173B1BAA1}" = lport=139 | protocol=6 | dir=in | app=system |
"{0A94A34D-80A7-4C46-8E9B-EDA80D059F5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14CC8995-792A-41FA-86C0-A07844897BF1}" = rport=139 | protocol=6 | dir=out | app=system |
"{19DB53C3-F621-41BA-A1EE-E4820ECE76C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24CCD08C-2006-4704-AE73-28022A76710D}" = rport=137 | protocol=17 | dir=out | app=system |
"{2C5BBFAB-274F-4AC6-83FA-5262BE8579FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3739D62D-E1F0-4B1E-8051-C2DC57D0434F}" = rport=445 | protocol=6 | dir=out | app=system |
"{379FDBAB-9A23-4001-9E72-BA4C7A2FE82A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3C9EC162-449E-482A-A17A-1E0BFA724CFF}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{4F2E2227-0941-4538-B86F-A16986903BB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{55067AA5-CD4C-4BE7-917C-940AB3FE0DEB}" = rport=138 | protocol=17 | dir=out | app=system |
"{55216AF7-AA3A-4D19-A176-2DE8AFEE9678}" = lport=445 | protocol=6 | dir=in | app=system |
"{697AF90C-2854-4E7D-B322-BF05D918D18A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AAF5558-45C3-43F5-85BA-FF02712B3199}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{6B1509C7-F6AB-4781-9BA2-87AE01A81F31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BC75925-5123-4C93-A5F7-F99258E36444}" = lport=10243 | protocol=6 | dir=in | app=system |
"{85C720BA-851B-4293-85E1-F780CBB25808}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B91AFAFC-47BF-46CD-9CEF-49C9B60BB911}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCD4C114-EA28-468F-8850-C602FAF07DE2}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBCBDB12-2C04-4B3C-B27F-0F31E3FFD6A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D38236AF-8AAC-47DF-A17A-3B90ACB3C3C8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DF0BFEBC-F0FE-44FB-B07E-C4C58A521A32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B7F122-DF2E-4BFC-A477-AC3852191C26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0EB47C2B-F71C-41AE-B882-3D4F0BC59FC0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{16AC18B9-947F-43CE-8510-A8E50E0D82AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{193F9E94-4FF0-43C4-9303-1A8D4EFCC0A5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{3525452B-35B2-4A88-8622-9EF7A67B2409}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{3CE93F11-3BD5-449A-8D79-E46E48E6DB22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4AC885A3-F5F7-4D51-991A-27FA6E77C2D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{619ADFC8-B00F-4446-BCB6-F6409D367B6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6AEADA80-B421-432C-A148-9378BE5CEB9C}" = protocol=6 | dir=in | app=c:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe |
"{6DA577D6-B174-4A10-ADD1-DA83DFFEF47E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6EF7CEC9-5EE9-4367-8CAF-28E90CBD2245}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{7817B417-D0AF-46F8-B8B5-BC275AF4D9BB}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{7CB711AF-A41C-4941-BCB0-9F2A973741C7}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
"{9183891D-7F3C-4B78-A5DD-7CA663279E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{970E67BB-0F93-4219-AB99-BC56B96A1A1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D7B5318-A06F-49FE-9ED4-8E8672875A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A27B885C-5FBA-44CF-BFA8-75028D82554A}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{AC185436-FF30-4801-A519-9C60FEEC262F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4846AD1-2B06-4742-8D88-FFD2D166C517}" = protocol=17 | dir=in | app=c:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe |
"{B923E14C-045E-4CDB-B676-723E297F09DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA077721-9544-45D5-A59A-C3E88B0CEE87}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CD0BB90C-5774-4783-B5EC-1304D324734E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D016BB4D-B42E-4ADB-A9AE-C09871305786}" = protocol=6 | dir=out | app=system |
"{DCBCD731-83FC-4C0B-87D7-9E4487D4A77E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DDE935B9-D220-46FE-9037-BD61A50C280C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DEEC138F-A032-4A2A-AB35-FF78CE1811F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E1459A44-5DAD-4205-8BA8-5D5DC937A60D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E8E81FBB-665B-4BF3-B2E9-A22ADB9BC6B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9D7D1CD-4172-42D3-9C7E-85ED55EDC2CF}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{EAD2973E-D6CE-4EB1-BFA2-8B062AD0EF33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F40AD138-8CE0-4704-B01C-D6DB3CED9316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC034F0D-494C-40A6-BE0C-7A2586E02F24}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
"{FDCBFAB4-62B7-487A-9682-FE19A20E1D99}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{01FE7E3C-B01D-467B-87D5-036A08B1AB59}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{033FCEB3-6BDF-4E05-8642-82049003E88F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{17F3A969-E111-467A-9471-BA3DD0FD88BB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7A283F6C-6F1F-4CCD-8D70-996BF8B0045A}C:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8B1549F1-FF0D-4D07-A2D4-D775CFEE7A96}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E2D021AE-A6FF-493B-AAE0-0B93DEFD368D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{4B46C8B8-1037-4733-9FF1-38093339C2C4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7B7A5EC1-15FA-4FBE-A819-06CCBF14F8F9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A3E6D287-7198-4077-B34E-CF0EAB807DB2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D69C4FB7-B2E5-4A32-A46B-CEF12B367708}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E8E07A6D-40D1-4DA5-9A9B-A241CB72035C}C:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\die hönigs\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FAB9E121-F01E-4E1A-8D71-75663C61C6E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1B7F436A-E4A6-DAB1-5AC3-1BACE19391CC}" = Amazon Music Importer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55B4F525-9768-40A8-85B7-78229144B883}" = O&O SafeErase
"{582D40A1-995E-40D5-A399-54EA35481C6E}" = Plex Media Server
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1575982-F1CA-46DC-A77D-43FF12F2EFC7}" = Adobe Photoshop Lightroom 4.1
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{f8655fb6-2c47-4b62-80a5-c332839a92df}" = Nero MediaHome 4 Essentials
"7289-1030-5602-7421" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Ashampoo Music Studio 4_is1" = Ashampoo Music Studio 4 v.4.0.3
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.5.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.amazon.music.uploader" = Amazon Music Importer
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Revolution Print Suite" = Digital Revolution Print Suite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.1.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.09.2012 12:05:23 | Computer Name = DieHönigs-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 798 Anfangszeit: 01cd9ae4d46c0453 Zeitpunkt
der Beendigung: 60000
Error - 25.09.2012 12:27:18 | Computer Name = DieHönigs-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 25.09.2012 12:27:18 | Computer Name = DieHönigs-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 25.09.2012 12:27:18 | Computer Name = DieHönigs-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 25.09.2012 12:27:18 | Computer Name = DieHönigs-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 03.10.2012 02:20:17 | Computer Name = DieHönigs-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Plex Media Server.exe, Version 0.9.5.2, Zeitstempel
0x4ed0e10f, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc0dedead, Fehleroffset 0x0003fc56, Prozess-ID 0xaa4,
Anwendungsstartzeit 01cda12f1df4592b.
Error - 12.10.2012 00:45:47 | Computer Name = DieHönigs-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 12.10.2012 01:16:57 | Computer Name = DieHönigs-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567, Prozess-ID 0xee8, Anwendungsstartzeit
01cda8311c134ec1.
Error - 13.10.2012 17:00:03 | Computer Name = DieHönigs-PC | Source = .NET Runtime | ID = 1022
Description =
Error - 13.10.2012 17:00:34 | Computer Name = DieHönigs-PC | Source = .NET Runtime | ID = 1022
Description =
[ System Events ]
Error - 21.10.2012 14:17:39 | Computer Name = DieHönigs-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 21.10.2012 14:17:39 | Computer Name = DieHönigs-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.10.2012 14:17:45 | Computer Name = DieHönigs-PC | Source = bowser | ID = 8003
Description =
Error - 21.10.2012 14:19:48 | Computer Name = DieHönigs-PC | Source = DCOM | ID = 10016
Description =
Error - 22.10.2012 01:51:26 | Computer Name = DieHönigs-PC | Source = DCOM | ID = 10016
Description =
Error - 22.10.2012 01:51:53 | Computer Name = DieHönigs-PC | Source = bowser | ID = 8003
Description =
Error - 22.10.2012 09:46:39 | Computer Name = DieHönigs-PC | Source = bowser | ID = 8003
Description =
Error - 22.10.2012 09:47:55 | Computer Name = DieHönigs-PC | Source = DCOM | ID = 10016
Description =
Error - 22.10.2012 10:30:52 | Computer Name = DieHönigs-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.10.2012 um 16:17:45 unerwartet heruntergefahren.
Error - 22.10.2012 10:31:44 | Computer Name = DieHönigs-PC | Source = bowser | ID = 8003
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 22.10.2012 17:03:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Die Hönigs\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 56,42% Memory free 3,75 Gb Paging File | 2,96 Gb Available in Paging File | 79,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,05 Gb Total Space | 26,10 Gb Free Space | 37,80% Space Free | Partition Type: NTFS Drive D: | 70,00 Gb Total Space | 68,08 Gb Free Space | 97,26% Space Free | Partition Type: NTFS Drive E: | 407,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DIEHÖNIGS-PC | User Name: Die Hönigs | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.22 16:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Die Hönigs\Desktop\OTL.exe PRC - [2012.10.11 02:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.10.11 02:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.10.11 02:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.08.13 17:44:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.28 17:12:14 | 000,517,416 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.10.16 16:58:03 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll MOD - [2012.10.16 16:58:01 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll MOD - [2012.10.16 16:57:59 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll MOD - [2012.10.16 16:57:58 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll MOD - [2012.10.16 16:57:57 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll MOD - [2012.10.16 16:57:55 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll MOD - [2012.10.16 16:57:53 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll MOD - [2012.10.16 16:57:50 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll MOD - [2012.10.16 16:57:49 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll MOD - [2012.10.16 16:57:36 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.10.16 16:57:35 | 005,846,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\7113f1ed4896e8624b96a78e4ff0cabf\DeviceHost.ni.dll MOD - [2012.10.16 16:57:17 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll MOD - [2012.10.16 16:57:06 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll MOD - [2012.10.16 16:57:03 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll MOD - [2012.10.16 16:56:56 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll MOD - [2012.10.16 16:56:55 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll MOD - [2012.10.16 16:56:53 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll MOD - [2012.10.16 16:56:53 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll MOD - [2012.10.16 16:56:52 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll MOD - [2012.10.16 16:56:51 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll MOD - [2012.10.16 16:56:50 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.10.16 16:56:49 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.10.16 16:56:48 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.10.16 16:56:46 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.10.16 16:56:44 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.10.16 16:56:43 | 000,910,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2012.10.16 16:56:41 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll MOD - [2012.10.16 16:56:37 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll MOD - [2012.10.16 16:56:33 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll MOD - [2012.10.16 16:56:31 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll MOD - [2012.10.16 16:56:31 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll MOD - [2012.10.16 16:56:28 | 001,460,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll MOD - [2012.10.16 16:56:26 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll MOD - [2012.10.16 16:56:22 | 001,199,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll MOD - [2012.10.16 16:56:18 | 001,689,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe MOD - [2012.10.16 16:43:16 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll MOD - [2012.10.16 16:43:12 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll MOD - [2012.10.16 16:43:04 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.10.16 16:43:04 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.10.16 16:43:03 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.10.16 16:43:03 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.10.16 16:42:55 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll MOD - [2012.10.16 16:42:52 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.10.16 16:42:49 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll MOD - [2012.10.16 16:42:47 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll MOD - [2012.10.16 16:42:46 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.10.16 16:42:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll MOD - [2012.10.16 16:42:09 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll MOD - [2012.10.16 16:41:55 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.10.16 16:32:18 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.10.16 16:31:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.10.16 16:31:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.10.16 16:31:38 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.10.16 16:31:15 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.10.16 16:31:04 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.10.16 16:30:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.10.16 16:30:40 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.01.18 23:54:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - [2012.10.21 10:26:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 15:37:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 00:37:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.28 17:12:14 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.06.19 16:16:52 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.03.02 16:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2012.03.02 16:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2012.03.02 16:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2012.03.02 16:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.01.19 00:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spox.com/de/index.html" FF - prefs.js..extensions.enabledAddons: toolbar-ff@payback.de:1.1.9.99 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.9 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: {10743931-94DF-476f-A987-4391233C17A2}:1.1.7 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {fe2b2a82-83b6-4398-a17f-70a86b511f80}:1.300.306 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.8.2 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.21 10:26:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.21 10:26:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 09:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\Extensions [2012.10.21 20:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\Firefox\Profiles\7xxqthu7.default\extensions [2012.10.10 06:36:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\Firefox\Profiles\7xxqthu7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.03.15 14:08:16 | 000,128,837 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\toolbar-ff@payback.de.xpi [2012.08.25 12:14:44 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.01.22 16:59:24 | 000,061,700 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2012.07.25 14:41:32 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.29 14:16:12 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.07.23 09:58:27 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.11 07:58:58 | 000,000,911 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\11-suche.xml [2011.08.23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\askcom.xml [2012.10.11 07:58:59 | 000,002,273 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\englische-ergebnisse.xml [2012.10.11 07:58:58 | 000,010,563 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\gmx-suche.xml [2012.10.19 15:20:34 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-1.xml [2011.03.05 18:30:24 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-3.xml [2011.03.24 14:56:40 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-4.xml [2011.03.27 10:41:14 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-5.xml [2011.04.30 11:08:58 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-6.xml [2011.06.25 10:04:35 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-7.xml [2011.08.31 19:21:44 | 000,000,950 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin-8.xml [2010.10.25 19:11:29 | 000,001,056 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\icqplugin.xml [2012.10.11 07:58:59 | 000,002,432 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\lastminute.xml [2012.10.11 07:58:58 | 000,005,545 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\mozilla\firefox\profiles\7xxqthu7.default\searchplugins\webde-suche.xml [2012.10.21 10:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\{1018E4D6-728F-4B20-AD56-37578A4DE76B} File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI File not found (No name found) -- C:\USERS\DIE HöNIGS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XXQTHU7.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI [2012.10.21 10:26:16 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.27 18:48:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 07:54:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.27 18:48:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.27 18:48:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.27 18:48:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.27 18:48:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKCU..\Run: [Roaqavit] C:\Users\Die Hönigs\AppData\Roaming\Hyaxaq\owlo.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Die Hönigs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Die Hönigs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23620E22-C72E-48F2-87A5-CF89A3D09BAD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.14 02:42:14 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{d3eddfb7-ba13-11e1-a501-00137737c6b0}\Shell - "" = AutoRun O33 - MountPoints2\{d3eddfb7-ba13-11e1-a501-00137737c6b0}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{d3eddfb7-ba13-11e1-a501-00137737c6b0}\Shell\configure\command - "" = H:\SETUP.EXE O33 - MountPoints2\{d3eddfb7-ba13-11e1-a501-00137737c6b0}\Shell\install\command - "" = H:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: AVnotifiers - hkey= - key= - C:\MSOFFICE\msdcsc.exe (Microsoft Corporation) MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: Plex Media Server - hkey= - key= - C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 16:58:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Die Hönigs\Desktop\OTL.exe [2012.10.21 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Hyaxaq [2012.10.21 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Fuxyro [2012.10.21 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Dasec [2012.10.21 10:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.18 15:50:46 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Digital Revolution [2012.10.17 17:13:23 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Revolution [2012.10.17 17:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Revolution [2012.10.17 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Revolution [2012.10.16 17:02:00 | 000,000,000 | ---D | C] -- C:\Temp [2012.10.16 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.10.16 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.16 16:45:05 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Local\Samsung [2012.10.16 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Samsung [2012.10.16 16:44:36 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\Documents\samsung [2012.10.16 16:40:33 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.10.16 16:40:33 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.10.16 16:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.10.16 16:37:06 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.10.16 16:36:15 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.10.16 16:36:15 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.10.16 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.10.16 16:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.16 16:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012.10.16 16:28:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.16 16:23:01 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Local\Downloaded Installations [2012.10.13 08:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.10.13 08:44:12 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2012.10.13 08:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2012.10.01 19:25:29 | 000,000,000 | R--D | C] -- C:\Users\Die Hönigs\Dropbox [2012.10.01 18:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012.10.01 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.10.01 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Dropbox [2012.09.26 20:57:16 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012.09.26 20:57:16 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012.09.26 20:57:14 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzdecode.ax [2012.09.26 20:57:14 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll [2012.09.26 20:57:14 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll [2012.09.26 20:57:14 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\System32\muzoggsp.ax [2012.09.26 20:57:14 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll [2012.09.26 20:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll [2012.09.26 20:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe [2012.09.26 20:57:14 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll [2012.09.26 20:57:14 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll [2012.09.26 20:57:14 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmpgsp.ax [2012.09.26 20:57:14 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\System32\muzeffect.ax [2012.09.26 20:57:14 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll [2012.09.26 20:57:14 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\System32\muzmp4sp.ax [2012.09.26 20:57:14 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll [2012.09.26 20:57:14 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll [2012.09.26 20:57:14 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll [2012.09.26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll [2012.09.26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll [2012.09.26 20:57:14 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll [2012.09.26 20:57:14 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe [2012.09.25 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Amazon [2012.09.25 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\Documents\Amazon MP3 [2012.09.25 14:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.09.24 19:53:26 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\Documents\Amazon Music Importer [2012.09.24 19:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2012.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon ========== Files - Modified Within 30 Days ========== [2012.10.22 16:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Die Hönigs\Desktop\OTL.exe [2012.10.22 16:43:40 | 000,059,972 | ---- | M] () -- C:\Users\Die Hönigs\Facebook-Meldung.jpg [2012.10.22 16:37:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 16:30:59 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 16:30:58 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 16:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 16:30:45 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys [2012.10.17 17:13:23 | 000,000,946 | ---- | M] () -- C:\Users\Die Hönigs\Desktop\Digital Revolution Print Suite.lnk [2012.10.16 16:44:29 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.16 16:29:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.16 16:29:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.16 16:29:07 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.16 16:29:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.15 16:00:20 | 000,152,654 | ---- | M] () -- C:\Users\Die Hönigs\Documents\POSTBANK_DISPO.pdf [2012.10.13 23:35:03 | 000,047,104 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.04 07:06:50 | 000,000,680 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Local\d3d9caps.dat [2012.10.01 19:25:29 | 000,000,946 | ---- | M] () -- C:\Users\Die Hönigs\Desktop\Dropbox.lnk [2012.10.01 18:43:28 | 000,000,956 | ---- | M] () -- C:\Users\Die Hönigs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.09.26 20:57:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.09.26 20:57:16 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012.09.26 20:57:16 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012.09.26 20:57:16 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 20:57:14 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll [2012.09.26 20:57:14 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzdecode.ax [2012.09.26 20:57:14 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll [2012.09.26 20:57:14 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll [2012.09.26 20:57:14 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\System32\muzoggsp.ax [2012.09.26 20:57:14 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll [2012.09.26 20:57:14 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\System32\muzwmts.dll [2012.09.26 20:57:14 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe [2012.09.26 20:57:14 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll [2012.09.26 20:57:14 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax [2012.09.26 20:57:14 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll [2012.09.26 20:57:14 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzmpgsp.ax [2012.09.26 20:57:14 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\System32\muzeffect.ax [2012.09.26 20:57:14 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll [2012.09.26 20:57:14 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\System32\muzmp4sp.ax [2012.09.26 20:57:14 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.09.26 20:57:14 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll [2012.09.26 20:57:14 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll [2012.09.26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll [2012.09.26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll [2012.09.26 20:57:14 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll [2012.09.26 20:57:14 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe [2012.09.26 20:57:12 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.09.26 20:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.09.25 14:00:48 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk ========== Files Created - No Company Name ========== [2012.10.22 16:43:40 | 000,059,972 | ---- | C] () -- C:\Users\Die Hönigs\Facebook-Meldung.jpg [2012.10.17 17:13:23 | 000,000,946 | ---- | C] () -- C:\Users\Die Hönigs\Desktop\Digital Revolution Print Suite.lnk [2012.10.16 16:44:29 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.15 16:00:20 | 000,152,654 | ---- | C] () -- C:\Users\Die Hönigs\Documents\POSTBANK_DISPO.pdf [2012.10.13 08:44:13 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.10.13 08:44:13 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.10.13 08:44:13 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2012.10.13 08:44:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.10.13 08:44:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.10.01 19:25:29 | 000,000,946 | ---- | C] () -- C:\Users\Die Hönigs\Desktop\Dropbox.lnk [2012.10.01 18:43:28 | 000,000,956 | ---- | C] () -- C:\Users\Die Hönigs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.09.26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.09.26 20:57:14 | 000,143,360 | ---- | C] () -- C:\Windows\System32\3DAudio.ax [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.09.25 14:00:48 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk [2012.09.25 14:00:48 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk [2012.09.20 17:25:32 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.20 17:25:32 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.20 17:21:37 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2012.09.18 16:30:48 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI [2012.09.18 15:11:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2012.09.18 15:11:25 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012.07.22 12:38:48 | 000,000,680 | ---- | C] () -- C:\Users\Die Hönigs\AppData\Local\d3d9caps.dat [2012.06.18 08:49:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.06.18 08:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.06.17 14:36:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.06.04 10:55:58 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.06.04 10:55:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.06.04 10:55:06 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.06.04 10:55:06 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.06.04 10:52:34 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.06.04 10:52:25 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2012.06.02 02:13:06 | 000,047,104 | ---- | C] () -- C:\Users\Die Hönigs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.31 22:14:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.25 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Amazon [2012.09.09 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Ashampoo [2012.07.03 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\calibre [2012.06.19 16:19:37 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\DAEMON Tools Lite [2012.10.21 19:37:07 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Dasec [2012.10.18 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Digital Revolution [2012.10.22 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Dropbox [2012.10.22 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Fuxyro [2012.10.21 19:37:07 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Hyaxaq [2012.06.19 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\ImgBurn [2012.10.16 16:45:26 | 000,000,000 | ---D | M] -- C:\Users\Die Hönigs\AppData\Roaming\Samsung ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.05.31 22:24:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.07.01 18:23:37 | 000,000,000 | -HSD | M] -- C:\Boot [2012.10.21 19:52:09 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.05.31 22:20:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.18 15:12:27 | 000,000,000 | ---D | M] -- C:\LGP990 [2012.06.19 16:23:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.07.29 15:20:57 | 000,000,000 | -HSD | M] -- C:\MSOFFICE [2012.06.15 20:24:00 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.21 15:19:31 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.16 16:34:56 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.05.31 22:20:16 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.22 17:16:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.16 17:02:00 | 000,000,000 | ---D | M] -- C:\Temp [2012.08.17 18:12:52 | 000,000,000 | R--D | M] -- C:\Users [2012.10.17 07:52:40 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.01 09:32:33 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2012.06.01 10:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2012.06.01 10:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2012.06.01 10:24:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.06.01 10:23:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2012.06.01 10:23:20 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2012.06.01 10:23:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2012.06.01 10:56:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2012.06.01 10:56:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2012.06.01 10:23:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2012.06.01 10:02:47 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2012.06.01 10:02:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.10.22 16:43:40 | 000,059,972 | ---- | M] () -- C:\Users\Die Hönigs\Facebook-Meldung.jpg [2012.10.22 17:31:16 | 001,572,864 | -HS- | M] () -- C:\Users\Die Hönigs\NTUSER.DAT [2012.10.22 17:31:15 | 000,262,144 | -H-- | M] () -- C:\Users\Die Hönigs\ntuser.dat.LOG1 [2012.05.31 22:23:40 | 000,000,000 | -H-- | M] () -- C:\Users\Die Hönigs\ntuser.dat.LOG2 [2012.10.22 08:02:13 | 000,065,536 | -HS- | M] () -- C:\Users\Die Hönigs\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.10.22 08:02:13 | 000,524,288 | -HS- | M] () -- C:\Users\Die Hönigs\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.05.31 22:48:47 | 000,524,288 | -HS- | M] () -- C:\Users\Die Hönigs\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2012.05.31 22:23:40 | 000,000,020 | -HS- | M] () -- C:\Users\Die Hönigs\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
22.10.2012, 17:25
| #4 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Roaqavit] C:\Users\Die Hönigs\AppData\Roaming\Hyaxaq\owlo.exe ()
:Files
C:\Users\Die Hönigs\AppData\Roaming\Hyaxaq
[2012.10.21 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Fuxyro
[2012.10.21 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Die Hönigs\AppData\Roaming\Dasec
:Commands
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.10.2012, 18:06
| #5 |
| | Facebook Account - Zahlungsaufforderung also der Upload hat geklappt und ist erledigt desktop.ini Code:
ATTFilter [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Code:
ATTFilter [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
|
|
22.10.2012, 18:33
| #6 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung hi für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel wenn dies erledigt ist, bittemelden.
__________________ --> Facebook Account - Zahlungsaufforderung |
|
22.10.2012, 19:12
| #7 |
| | Facebook Account - Zahlungsaufforderung bin grade dabei es nochmals hochzuladen. Die 1. Datei war ohne Meldung fertig. Deswegen kannes dann sein dass auf einmal 2x dieselbe Datei hochgeladen wurde. |
|
22.10.2012, 19:39
| #8 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung hi dann ist die datei zu groß File-Upload.net - Ihr kostenloser File Hoster! dort hochladen, link als private nachicht an mich
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.10.2012, 19:56
| #9 |
| | Facebook Account - Zahlungsaufforderung hab dir ne PN geschickt. Dann mal bis morgen und vielen vielen Dank für die bis jetzt getätigte Hilfe  |
|
22.10.2012, 22:05
| #10 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung danke nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.10.2012, 02:11
| #11 |
| | Facebook Account - Zahlungsaufforderung Hi, ja für alles ausser beruflich. Warum? Sollte ich mir Sorgen wegen meinem Onlinebanking sowie die Einkäufe machen? Denn falls ja, dann wäre es wohl besser den pc zu formatieren und alle PW zu ändern. Oder was meinst du? Um was für ne Infizierung handelt es sich denn genau? Wie kann ich denn meine Daten retten oder ist das zu spät? Es wird aber doch nicht alles verseucht sein. Wenn ich da alleine an alle Bilder denke. Sind auch die externen Festplatten betroffen? wie gehts eigentich nun weiter? |
|
23.10.2012, 16:00
| #12 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung bank anrufen bitte, falls sie zu hatt, notfall nummer: 116 116 banking wegen zbot sperren lassen der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.10.2012, 18:06
| #13 |
| | Facebook Account - Zahlungsaufforderung Hey Markus, ich bin damit ein wenig überfordert :-( Hab auf jeden Fall mal alle Banken angerufen und meine Zugänge sperren lassen. PW werd ich nun ändern. Allerdings kann ich nicht einfach die Festplatten formatieren und vorher die benötigten Daten auf ne externe FP kopieren? Natürlich mit vorheriger Virenüberprüfung. Denn die Hauptdaten sitzen alle auf meiner anderen externen FP welche normal nicht infiziert sein kann, da diese nicht angeschlossen war. Dreht sich also zum Glück nur um wenige Daten. Oder ist es wichtig die Punkte akribisch abzuarbeiten wie du sie gepostet hast? Weiß ja gar nicht woher ich soviel Zeit aufbringen soll :-((( achso ja - habe hier von meinem Lappi folgende CD´s Systemwiederherstellungsmedium System Software Medium |
|
23.10.2012, 18:12
| #14 |
| /// Malware-holic | Facebook Account - Zahlungsaufforderung ja, du musst über linux system, ubuntu sichern, da weitere malware deine externen laufwerke infizieren kann, wenn du sie unter windows anschließt. passwörter endern vom infiziertem system aus ist natürlich sinnlos :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.10.2012, 18:28
| #15 |
| | Facebook Account - Zahlungsaufforderung ja das is scho klar mit den PW - die änder ich ja von nem andern aus. Aber hier hab ich kein Laufwerk dran - wie soll ich das mit Ubuntu nun ohne Laufwerk machen? Einfach auf nen Stick kopieren? Also diese Datei ist aktuell auf der TU Seite zum Download xubuntu-12.04.1-desktop-i386.iso Im Thread wird aber sxplizit auf diese Version hingewiesen xubuntu-12.04-desktop-i386.iso Was nun? Geändert von dehoensch (23.10.2012 um 18:53 Uhr) |
|
| Themen zu Facebook Account - Zahlungsaufforderung |
| account, chance, facebook, gestern, keinerlei, meldung, nimmer, nutze, nutzen, proggi, richtig, screenshot, starte, startet, taskma, taskmanager, troja, trojaner, virus, wegklicken, zahlungsaufforderung |
Linear-Darstellung
