|
Log-Analyse und Auswertung: Google Redirect VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.10.2012, 15:28 | #31 |
| Google Redirect Virus Da steht halt welche schlüssel und Werte gefunden wuren... aber keine expliziten Programme......? Oder? Ich kapiers nicht...:-) |
29.10.2012, 15:38 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Na was steht denn in den Schlüsseln
__________________BabylonToolbar Ask Conduit usw. - sowas sieht man ja nun fast mit verbundenen Augen
__________________ |
29.10.2012, 15:42 | #33 |
| Google Redirect Virus ok. ask ist deinstalliert... die anderen beiden finde ich nicht unter"Software" und auch nicht mit Suchen ... ....?
__________________ |
29.10.2012, 16:11 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2012, 17:53 | #35 |
| Google Redirect Virus Tadaaa Code:
ATTFilter # AdwCleaner v2.005 - Datei am 29/10/2012 um 17:48:13 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Abmayer - ABMAYER-1CB678C # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Abmayer\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\WINDOWS\system32\conduitEngine.tmp Ordner Gelöscht : C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\BabylonToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask Ordner Gelöscht : C:\Dokumente und Einstellungen\Gregor\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\Gregor\Anwendungsdaten\BabylonToolbar Ordner Gelöscht : C:\Programme\Babylon ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2449729 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2769726 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Software Schlüssel Gelöscht : HKU\S-1-5-21-1409082233-484061587-1417001333-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKU\S-1-5-21-1409082233-484061587-1417001333-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [7596 octets] - [29/10/2012 15:13:15] AdwCleaner[S1].txt - [4655 octets] - [29/10/2012 17:48:13] ########## EOF - C:\AdwCleaner[S1].txt - [4715 octets] ########## |
29.10.2012, 18:01 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Ok, eine Kontrolle bitte:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Google Redirect Virus |
29.10.2012, 18:39 | #37 |
| Google Redirect Virus Tadaa:-) OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2012 18:24:01 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Abmayer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 62,69% Memory free 5,34 Gb Paging File | 4,11 Gb Available in Paging File | 77,04% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 229,00 Gb Total Space | 192,12 Gb Free Space | 83,89% Space Free | Partition Type: NTFS Drive D: | 208,42 Gb Total Space | 127,78 Gb Free Space | 61,31% Space Free | Partition Type: NTFS Computer Name: ABMAYER-1CB678C | User Name: Abmayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Abmayer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Drive\googledrivesync.exe (Google) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) PRC - C:\Programme\Norton 360\Engine\4.4.0.12\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programme\Norton 360\AddOns\Norton AddOn Pack\Engine\4.8.0.3\ccProxy.exe (Symantec Corporation) PRC - C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe (Acronis) PRC - C:\Programme\Acronis\BackupAndRecovery\mms.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Timounter\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Nokia\PC Internet Access\NPCIA.exe (Nokia) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\_elementtree.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\_socket.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\pysqlite2._sqlite.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32api.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32com.shell.shell.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._html2.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._gdi_.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32crypt.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\windows._cacheinvalidation.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\_ctypes.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\pythoncom26.dll () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._misc_.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32security.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\_ssl.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._core_.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32process.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32pdh.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._windows_.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\_hashlib.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._wizard.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32file.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\pywintypes26.dll () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32inet.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\wx._controls_.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\win32event.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\pyexpat.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\unicodedata.pyd () MOD - C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\temp\_MEI37082\select.pyd () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3579.36823__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3579.36895__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3579.36805__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3579.36824__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3579.36876__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3579.36813__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3579.36857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3579.36848__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3579.36819__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3579.36814__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3579.36908__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3579.36907__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3579.36912__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3579.36908__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3579.36906__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3579.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3579.36863__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3579.36906__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3579.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3579.36824__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3579.36896__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3579.36824__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3579.36850__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3579.36825__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3579.36871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3579.36814__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3579.36825__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3579.36855__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3579.36855__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3579.36829__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3579.36844__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3579.36848__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3579.36849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3579.36856__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3574.20483__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3574.20475__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3574.20511__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3574.20570__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3574.20566__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3574.20505__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3574.20565__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3574.20469__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3574.20459__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3574.20535__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3574.20569__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3574.20496__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3574.20534__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3574.20530__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3574.20502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3574.20557__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3574.20489__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3574.20496__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3574.20454__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3574.20457__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3574.20638__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3574.20529__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3574.20525__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3574.20482__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3574.20492__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3574.20532__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3574.20491__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3574.20472__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3574.20528__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3574.20506__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3574.20504__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3574.20501__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3574.20524__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3574.20485__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3574.20528__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3574.20495__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3574.20484__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3579.36920__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3579.36885__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3579.36819__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3579.36890__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3579.36889__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3579.36804__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3579.36802__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3574.20509__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3579.36901__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3574.20476__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3574.20464__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3574.20498__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3574.20480__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3574.20494__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3579.36802__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3579.36809__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3579.36801__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3579.36802__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3574.20487__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3574.20499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3574.20537__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3579.36890__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\Nokia\PC Internet Access\GraphicsResources.ngr () MOD - C:\Programme\Nokia\PC Internet Access\TextResources_ger.nlr () MOD - C:\WINDOWS\system32\sst3cl3.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (N360) -- C:\Programme\Norton 360\Engine\4.4.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ccProxy) -- C:\Programme\Norton 360\AddOns\Norton AddOn Pack\Engine\4.8.0.3\ccProxy.exe (Symantec Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (AcronisAgent) -- C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe (Acronis) SRV - (MMS) -- C:\Programme\Acronis\BackupAndRecovery\mms.exe (Acronis) SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (DgiVecp) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFixx\catchme.sys File not found DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121029.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121029.002\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121027.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys (Symantec Corporation) DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys (Symantec Corporation) DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys (Symantec Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys (Symantec Corporation) DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (SLEE_16_DRIVER) -- C:\WINDOWS\system32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\SearchScopes,DefaultScope = {5AB9ADFC-A3B8-4120-AA71-3D54107CCE06} IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\SearchScopes\{5AB9ADFC-A3B8-4120-AA71-3D54107CCE06}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\SearchScopes\{E350053F-0415-4F6B-A345-6F0C332DB8D0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ333YYDE&apn_uid=CA07276B-62E9-416A-BCF3-1365CADCA268&apn_sauid=8299D362-5475-4E32-B495-E2EE10F29878 IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-484061587-1417001333-1006\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011.07.20 07:19:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012.10.29 17:50:10 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.t-online.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.t-online.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Unity Player (Enabled) = C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Citrix ICA Client (Enabled) = C:\Programme\Citrix\ICA Client\npicaN.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Programme\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Programme\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.29 13:07:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Programme\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrayMonitor.exe] C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) O4 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004..\Run: [GoogleDriveSync] C:\Programme\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004..\Run: [NokiaPCInternetAccess] C:\Programme\Nokia\PC Internet Access\NPCIA.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-484061587-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Programme\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288803896609 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288804036609 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx (ORDcmViewCD Control) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2D7F033-7B1C-4950-9B5E-090D761ACF08}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.03 16:15:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 19:55:35 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.10.28 19:43:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.10.28 19:43:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.10.28 19:43:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.10.28 19:43:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.10.28 19:39:59 | 004,989,309 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\ComboFixx.exe [2012.10.28 16:55:31 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.10.28 16:38:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.28 16:37:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.10.28 16:34:50 | 004,989,309 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\ComboFix.exe [2012.10.28 15:26:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\aswMBR.exe [2012.10.27 14:57:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\OTL.exe [2012.10.27 14:35:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Malwarebytes [2012.10.27 14:34:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.27 11:41:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.10.27 11:17:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Neuer Ordner [2012.10.22 20:55:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Facebook [2012.10.19 18:34:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.29 18:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.29 18:05:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.29 17:49:49 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.10.29 17:49:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.29 17:47:14 | 000,538,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\adwcleaner.exe [2012.10.29 16:00:01 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-484061587-1417001333-1004UA.job [2012.10.29 15:45:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.29 14:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\OTL.exe [2012.10.29 13:07:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.10.29 12:28:37 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Microsoft Office Outlook 2007.lnk [2012.10.28 22:00:02 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-484061587-1417001333-1004Core.job [2012.10.28 20:47:38 | 000,002,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.10.28 20:34:54 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Microsoft Office Word 2007.lnk [2012.10.28 19:55:43 | 000,000,334 | RHS- | M] () -- C:\boot.ini [2012.10.28 19:40:12 | 004,989,309 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\ComboFixx.exe [2012.10.28 16:35:01 | 004,989,309 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\ComboFix.exe [2012.10.28 16:14:19 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\MBR.dat [2012.10.28 15:26:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Abmayer\Desktop\aswMBR.exe [2012.10.28 13:40:40 | 000,679,728 | ---- | M] () -- C:\TDSS.zip [2012.10.28 13:37:53 | 000,131,788 | ---- | M] () -- C:\TDSS.7z [2012.10.27 15:26:56 | 000,013,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Gmer.zip [2012.10.27 15:26:43 | 000,011,511 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Extras.zip [2012.10.27 15:13:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\izbkjh2l.exe [2012.10.27 14:54:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\defogger_reenable [2012.10.25 07:04:42 | 000,529,402 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.25 07:04:42 | 000,484,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.25 07:04:42 | 000,105,206 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.25 07:04:42 | 000,080,366 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.24 19:15:07 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Microsoft Office Excel 2007.lnk [2012.10.23 16:19:58 | 000,010,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Abmayr_elster_2048.pfx [2012.10.22 13:34:02 | 000,002,301 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\catforDocs WDT-Bestellprogramm (2).lnk [2012.10.08 19:09:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.08 19:09:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.10.01 10:45:16 | 000,606,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-10-01_Auto.nbu [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.29 17:47:14 | 000,538,941 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\adwcleaner.exe [2012.10.28 19:55:43 | 000,000,218 | ---- | C] () -- C:\Boot.bak [2012.10.28 19:55:39 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.10.28 19:43:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.10.28 19:43:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.10.28 19:43:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.10.28 19:43:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.10.28 19:43:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.10.28 16:14:19 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\MBR.dat [2012.10.28 13:40:39 | 000,679,728 | ---- | C] () -- C:\TDSS.zip [2012.10.28 13:37:52 | 000,131,788 | ---- | C] () -- C:\TDSS.7z [2012.10.27 15:26:56 | 000,013,491 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Gmer.zip [2012.10.27 15:26:43 | 000,011,511 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\Extras.zip [2012.10.27 15:13:22 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Desktop\izbkjh2l.exe [2012.10.27 14:54:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\defogger_reenable [2012.10.23 16:19:50 | 000,010,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Abmayr_elster_2048.pfx [2012.10.22 20:55:56 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-484061587-1417001333-1004UA.job [2012.10.22 20:55:56 | 000,001,004 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-484061587-1417001333-1004Core.job [2012.10.01 10:44:47 | 000,606,896 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-10-01_Auto.nbu [2012.08.13 20:02:54 | 000,601,269 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-08-13_Auto.nbu [2012.07.24 11:42:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI [2012.07.17 14:39:40 | 000,602,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-07-17_Auto.nbu [2012.07.12 17:30:20 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2012.07.12 17:30:20 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2012.07.12 17:30:20 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2012.07.12 17:30:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2012.07.12 17:30:20 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2012.07.12 17:30:20 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2012.07.12 17:30:20 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2012.07.12 17:30:20 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2012.07.12 17:30:20 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2012.07.12 17:30:20 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2012.07.12 17:30:20 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2012.07.12 17:30:20 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2012.07.12 17:30:20 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2012.07.12 17:30:20 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2012.07.12 17:30:20 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2012.07.12 17:30:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2012.07.12 17:30:20 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2012.07.12 17:30:20 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2012.07.12 17:30:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2012.07.06 08:49:14 | 000,599,793 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-07-06_Auto.nbu [2012.06.28 17:36:33 | 000,182,640 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.06.01 08:54:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.05.07 15:26:53 | 000,916,295 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-05-07_Auto.nbu [2012.04.23 11:12:02 | 000,902,377 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-04-23_Auto.nbu [2012.03.09 17:12:49 | 000,612,478 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-03-09.nbu [2012.01.14 14:59:27 | 000,567,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2012-01-14_Auto.nbu [2011.12.25 19:30:49 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2011.12.25 19:30:18 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\$_hpcst$.hpc [2011.12.24 10:11:11 | 000,562,826 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-12-24_Auto.nbu [2011.10.12 08:13:30 | 000,505,239 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-10-12_Auto.nbu [2011.09.16 17:02:12 | 000,677,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-09-16_18-02-11.nbu [2011.09.16 10:44:05 | 000,674,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-09-16_Auto.nbu [2011.09.05 12:01:21 | 000,678,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-09-05_Auto.nbu [2011.08.29 17:01:59 | 000,677,390 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-08-29_Auto.nbu [2011.08.16 09:50:32 | 000,673,179 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-08-16_Auto.nbu [2011.07.28 13:59:28 | 000,672,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-07-28_Auto.nbu [2011.07.19 11:37:41 | 000,655,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-07-19_Auto.nbu [2011.07.15 11:23:28 | 000,484,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011.06.09 21:50:51 | 000,632,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-06-09_Auto.nbu [2011.05.09 17:58:08 | 000,618,694 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-05-09_Auto.nbu [2011.05.02 10:38:09 | 000,608,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-05-02_Auto.nbu [2011.04.26 10:33:52 | 001,376,768 | ---- | C] () -- C:\Programme\7z920-x64.msi [2011.04.26 10:32:33 | 001,110,476 | ---- | C] () -- C:\Programme\7z920.exe [2011.04.13 09:57:24 | 000,621,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-04-13_Auto.nbu [2011.04.11 18:21:03 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.03.15 13:17:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.02 18:44:35 | 000,584,127 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-03-02_Auto.nbu [2011.02.27 12:42:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.19 22:07:40 | 014,269,445 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-02-19.nbu [2011.02.10 14:41:52 | 000,554,732 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-02-10_Auto.nbu [2011.01.27 15:43:42 | 000,551,703 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-01-27_Auto.nbu [2011.01.08 14:21:18 | 000,596,443 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2011-01-08_Auto.nbu [2010.12.17 15:28:24 | 000,539,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2010-12-17_Auto.nbu [2010.12.08 12:34:48 | 000,009,353 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Microsoft Excel 97-2003.EML [2010.12.08 12:33:22 | 000,009,355 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Microsoft Access 97-2003.EML [2010.12.08 12:33:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.12.08 12:27:53 | 000,012,989 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL [2010.12.08 12:26:09 | 000,038,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2010.12.08 12:21:48 | 000,009,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Anwendungsdaten\Kommagetrennte Werte (Windows).EML [2010.11.29 12:36:02 | 000,432,596 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Hans-Jürgen_2010-11-29_Auto.nbu [2010.11.21 22:21:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.11.05 16:32:20 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll [2010.11.04 10:08:49 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.03 17:34:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010.11.03 17:34:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.11.03 17:34:15 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.11.03 17:34:15 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.11.03 17:34:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2010.11.03 17:34:06 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2010.11.03 17:19:03 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.11.03 16:41:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.11.03 16:41:28 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2010.11.03 16:41:25 | 000,031,485 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.11.03 16:41:25 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.11.03 16:16:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.03 16:13:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.03 16:07:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.03 16:06:32 | 000,150,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2010.11.03 17:33:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.10.2012 18:24:01 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Abmayer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 62,69% Memory free 5,34 Gb Paging File | 4,11 Gb Available in Paging File | 77,04% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 229,00 Gb Total Space | 192,12 Gb Free Space | 83,89% Space Free | Partition Type: NTFS Drive D: | 208,42 Gb Total Space | 127,78 Gb Free Space | 61,31% Space Free | Partition Type: NTFS Computer Name: ABMAYER-1CB678C | User Name: Abmayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe" = C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe:*:Enabled:Acronis Remote Agent -- (Acronis) "C:\Programme\Acronis\BackupAndRecovery\mms.exe" = C:\Programme\Acronis\BackupAndRecovery\mms.exe:*:Enabled:Acronis Managed Machine Service -- (Acronis) "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Abmayer\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01F6C6F6-0D5A-45D0-83DB-38AB421D0BF5}" = Steganos Safe One "{03EB79B7-2152-4C98-AEA0-254F881A3275}" = ElsterFormular 2004/2005 "{04A7A2EF-0DA0-74EA-BF74-CF8C3A31B8DE}" = CCC Help Chinese Traditional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}" = Acronis Backup & Recovery 10 Upgrade Tool "{06FE5C48-4BBE-605B-A317-9EEDEE863BBE}" = ccc-core-preinstall "{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}" = Acronis Backup & Recovery 10 Tray Monitor "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F16FCBE-9C6E-7F15-953D-19D9FBBBF9F0}" = CCC Help Hungarian "{10CB67DA-2B57-A1D2-15BE-BC53FA70F34C}" = CCC Help Finnish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre "{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero) "{25D92ECD-EC21-CECB-3C76-61BE1D030EE8}" = Catalyst Control Center Graphics Full New "{2604E5A2-01EB-7108-8C0D-3B5E2D22A560}" = ATI Problem Report Wizard "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{2BCF0298-8C1F-4767-2CEF-EF54BAF17315}" = CCC Help Greek "{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager "{2F68A530-7224-D105-8609-A5593274CDA0}" = ccc-core-static "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363B3A00-B3EE-9F30-99E5-D37A8C987160}" = CCC Help Polish "{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E815B7F-9272-7C21-03A6-516DB901FA7B}" = CCC Help Japanese "{431044D2-DE44-1813-91F2-4A17111449D0}" = CCC Help English "{467C32C8-36F3-EB87-C26F-B65923B23ED7}" = Catalyst Control Center Graphics Full Existing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BE7A16A-ED49-9705-CEF2-E29922D106F5}" = CCC Help Danish "{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}" = Acronis Backup & Recovery 10*Standalone*Management*Console "{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player "{5152EF72-354E-F278-2FE1-15F55BD615CC}" = Catalyst Control Center Localization All "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A7CE796-FA2A-4255-A2F7-54CB29950A19}" = catforDocs WDT-Bestellprogramm "{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{653A52D8-127C-476D-BAD9-27117A3A4959}" = Nokia PC-Internetzugang "{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver (DV) "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite "{8206C0E6-6FD6-FE29-2973-31AAA705BBB4}" = CCC Help Norwegian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{885B9D2A-F328-D130-D223-8377515FFA0C}" = Catalyst Control Center InstallProxy "{88862DA4-8F97-79F5-886B-725BA2AB622E}" = CCC Help Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90805E2F-092A-DA7A-46A1-BB7590B7204E}" = CCC Help French "{90859A61-C317-48B9-8E31-4B742611FD19}" = Acronis Backup & Recovery 10* Agent "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{930B6EF4-21D8-E7CF-2DAD-019A198AB75C}" = CCC Help Italian "{9383B30D-704A-645A-204A-673DFBA0633B}" = Catalyst Control Center Graphics Previews Common "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BFE691-3524-1B8C-2BDE-7064415834EA}" = Catalyst Control Center Core Implementation "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside "{9A5C57D1-3B27-4B41-89E6-C74C6937F4FB}" = Falk Navi-Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F35814A-499A-2FC1-473F-8558BB883592}" = CCC Help Spanish "{9FAF2CC6-9191-3CB2-B90F-44124FA8C763}" = ATI AVIVO Codecs "{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver (USB) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2104078-AAA5-449E-95DD-55C9443A1031}" = Nero 7 Essentials "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACCF07C3-E160-576E-ECCC-E88CBA100EE9}" = CCC Help Swedish "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF6B9F34-7594-75D2-1C41-FC5CBCA749C1}" = CCC Help Korean "{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BA5D1CDB-9279-611F-7A07-88DF3AA23741}" = CCC Help Portuguese "{BBA625C6-23B2-9A52-C117-4F0FD38E9281}" = CCC Help Czech "{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash-Umleitung) "{BE3F0F11-ABC9-2238-4C02-8DBCB0D308F0}" = Catalyst Control Center HydraVision Full "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C539BF32-E37E-B863-1F9A-85FD869FC7CD}" = CCC Help Dutch "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D1B0E1BF-B2AB-82F9-DC55-E5ACA3436DDE}" = ccc-utility "{D6ED0BAC-46D2-553D-9CD2-5F8BE9BF0D67}" = Catalyst Control Center Graphics Light "{D85B4660-1B66-AA8A-FC92-CBC345B6619E}" = CCC Help Thai "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DF902AB0-DC5F-AD92-38BC-4937EB8389EA}" = Skins "{E21B256B-4277-9228-6003-1F3084360318}" = CCC Help Russian "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4AC94D8-4387-2F03-C5D2-ECCADD267F13}" = CCC Help Turkish "{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-Service Plug-in "{F702B636-2FCA-0A65-1772-21A94B49693F}" = CCC Help German "{FE361859-B039-4E17-96AC-D111183DCF99}" = Acronis Backup & Recovery 10*Bootfähige Komponenten und Media Builder "{FE94602C-C8C1-7C59-E5F3-3EF7CEE4E201}" = ATI Catalyst Install Manager "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Alpenvereinskarten Digital 2007_is1" = Alpenvereinskarten Digital 2007 "AOP" = Norton AddOn Pack "ATI Display Driver" = ATI Display Driver "CitrixOnlinePluginPackWeb" = Citrix Receiver "Der Kleine Eisbär 1" = Der Kleine Eisbär 1 "Die_Schoenheit_der_Parasiten_is1" = Die_Schoenheit_der_Parasiten "ElsterFormular 10.3.3.990" = ElsterFormular "ElsterFormular 13.0.0.8086k" = ElsterFormular "ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular-Upgrade "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "KOMPASS Digital Map "Österreich"_is1" = KOMPASS Digital Map "Österreich" "KOMPASS Digital Map Deutsche Alpen_is1" = KOMPASS Digital Map Deutsche Alpen "KOMPASS Digital Map Software_is1" = KOMPASS Digital Map Software 3.1.6 "KOMPASS Digital Map Südtirol_is1" = KOMPASS Digital Map Südtirol "LHTTSGED" = L&H TTS3000 Deutsch "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "N360" = Norton 360 "Nokia PC Internet Access" = Nokia PC-Internetzugang "Nokia Suite" = Nokia Suite "OUTLOOKR" = Microsoft Office Outlook 2007 "Peter Morphose" = Peter Morphose "PokerStars.eu" = PokerStars.eu "Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series "Tivola Maus 3" = Tivola Maus 3 "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "Veetle TV" = Veetle TV "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1409082233-484061587-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PokerOffice5" = PokerOffice (remove only) "sc11-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 11 "Trader Workstation" = Trader Workstation ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.10.2012 02:01:16 | Computer Name = ABMAYER-1CB678C | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Anwendung, SystemIndex Katalog [ OSession Events ] Error - 15.12.2010 04:09:50 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 60 seconds of active time. This session ended with a crash. Error - 21.06.2011 12:17:42 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 156 seconds with 120 seconds of active time. This session ended with a crash. Error - 21.06.2011 12:18:00 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.11.2011 17:34:22 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3946 seconds with 3060 seconds of active time. This session ended with a crash. Error - 24.12.2011 19:09:00 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 51375 seconds with 660 seconds of active time. This session ended with a crash. Error - 25.03.2012 16:14:22 | Computer Name = ABMAYER-1CB678C | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57068 seconds with 360 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 10:40:54 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 29.10.2012 12:50:23 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.10.2012 12:50:23 | Computer Name = ABMAYER-1CB678C | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
31.10.2012, 14:17 | #38 |
| Google Redirect Virus Sind die Logs ok? |
31.10.2012, 18:41 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
31.10.2012, 19:38 | #40 |
| Google Redirect Virus der ist zu 32% fertig(seehr langsam) und hat schon 2 trojaner gefunden:-( jetzt schon 4.... neeein |
31.10.2012, 20:06 | #41 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Einfach mal Ruhe bewahren - poste einfach das Log wenn es fertig ist und überlasse mir die Auswertung bevor völlig unnötig wie jetzt fast Panik ausbricht
__________________ Logfiles bitte immer in CODE-Tags posten |
31.10.2012, 20:07 | #42 |
| Google Redirect Virus ok, mittlerweile bei 74%:-) Und "fast" ist gut tadaa.. das anere kommt bald, hier ist das ESET-Log: Code:
ATTFilter [ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8fd2226a0fd5934da5195a6f3f6eada1 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-31 07:28:17 # local_time=2012-10-31 08:28:17 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3589 16777173 100 86 33220071 115074030 0 0 # compatibility_mode=8192 67108863 100 0 3724 3724 0 0 # scanned=285086 # found=4 # cleaned=0 # scan_time=5964 C:\Qoobox\Quarantine\C\WINDOWS\system32\cewmdmf.dll.vir a variant of Win32/Ponmocup.EZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\perfd009U.dll.vir a variant of Win32/Ponmocup.EZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{7E572D20-E710-4FB0-B61C-0EAA56F70EC2}\RP4\A0000618.dll a variant of Win32/Ponmocup.EZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{7E572D20-E710-4FB0-B61C-0EAA56F70EC2}\RP4\A0000619.dll a variant of Win32/Ponmocup.EZ trojan (unable to clean) 00000000000000000000000000000000 I Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.31.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Abmayer :: ABMAYER-1CB678C [Administrator] 31.10.2012 20:34:42 mbam-log-2012-10-31 (20-34-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 246351 Laufzeit: 6 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von cosinus (31.10.2012 um 20:41 Uhr) |
31.10.2012, 20:43 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Wie ich schon vermutet habe sind das eher hysterische Funde. Qoobox ist die Q von Combofix, völlig folgerichtig, dass da Schädlinge gefunden werden können, diese sind aber NICHT mehr aktiv - Sinn und Zweck einer Quarantäne Das andere sind nur Überbleibsel in irgendeinem Wiederherstellungspunkt. Was ist jetzt mit Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten |
31.10.2012, 20:50 | #44 |
| Google Redirect Virus ääh, hab ich schon gepostet!? |
31.10.2012, 20:57 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Virus Ja du hast es eben da reineditiert, vorhin war das da noch nicht Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Google Redirect Virus |
adobe, adobe flash player, bho, branding, einstellungen, error, excel, explorer, firefox, flash player, fontcache, format, google, google redirect; virus, helper, home, homepage, kaspersky, limited.com/facebook, logfile, malwarebytes, microsoft, object, plug-in, problem, realtek, redirect-virus, registry, symantec, virus |