Log analysis and evaluation: Avira reports 'TR/Crypt.EPACK.Gen2'
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Avira reports 'TR/Crypt.EPACK.Gen2'

Hello everyone, I'm a bit worried. My AVIRA real-time scanner showed the following message:

In der Datei 'C:\Users\Sarah\AppData\Roaming\loaupdt.jpg' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

A full scan afterwards additionally reported:

Die Datei 'C:\Users\Sarah\AppData\Roaming\appConf32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Die Datei wurde zum Löschen nach einem Neustart markiert.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

I don't really know much about this kind of thing, but I googled a bit and it came up several times that the trojan could apparently be dangerous for online banking. As a precaution I have already changed my password.
As requested, I installed "defogger" and "disabled". Here are all the things that are apparently needed here:

1. OTL.txt

OTL logfile created on: 05.11.2012 18:32:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,18 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 67,10% Memory free
6,35 Gb Paging File | 4,71 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 29,71 Gb Free Space | 7,00% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 18,92 Gb Free Space | 47,30% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.05 18:28:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012.11.05 18:25:34 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Downloads\Defogger.exe
PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.16 17:56:56 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.21 02:19:09 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.08 14:38:29 | 001,193,176 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.14 01:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.08 04:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2010.01.12 18:23:38 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.10.24 14:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.06.21 08:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Microsoft Works\WkCalRem.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.05 18:25:34 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Downloads\Defogger.exe
MOD - [2012.11.05 08:27:59 | 000,007,720 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe222.dll
MOD - [2012.09.21 02:19:09 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012.09.08 14:38:29 | 001,193,176 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.07.14 01:14:07 | 002,003,424 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.09 18:34:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.09 18:32:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 18:32:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 18:32:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 18:32:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.08 04:27:00 | 000,004,096 | ---- | M] () -- C:\Programme\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011.01.07 19:48:38 | 000,235,624 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.12.21 20:09:26 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll

========== Services (SafeList) ==========

SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 21:19:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.08 04:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.10.24 14:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2012.10.04 12:07:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.01.08 04:27:00 | 000,020,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2010.12.02 11:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.12.02 11:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 11:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 11:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 17:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.10.30 06:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.10.26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.30 17:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21A28B01-4C9E-4A3B-BADF-CA0AE375CD0D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{F0F4DB9F-DA4B-4973-AA53-DDCC85339692}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83D62709-6FFB-4632-8C63-C42E47D9F607&apn_sauid=2ED8943E-4776-4598-9162-DD11ACCFDF73
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.93.0
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=83D62709-6FFB-4632-8C63-C42E47D9F607&apn_ptnrs=U3&apn_sauid=2ED8943E-4776-4598-9162-DD11ACCFDF73&apn_dtid=OSJ000YYDE&&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 21:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.08.08 02:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.07.08 11:02:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Sarah\AppData\Roaming\14001.037 [2012.11.05 08:27:47 | 000,000,000 | ---D | M]
[2010.02.19 16:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012.11.03 12:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\vah13qu7.default\extensions
[2012.03.30 01:18:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\vah13qu7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.15 19:28:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\vah13qu7.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.11.03 12:27:44 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\vah13qu7.default\extensions\toolbar@ask.com
[2011.11.22 22:43:50 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\vah13qu7.default\extensions\welcome@toolmin.com
[2012.11.03 12:27:44 | 000,002,308 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\vah13qu7.default\searchplugins\askcom.xml
[2012.02.05 21:18:45 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Sarah\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Windows Init] "C:\Users\Sarah\AppData\Roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe" File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (AS_AR_Control Light Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982AA394-CEDB-4E82-AD4A-F13C7E8813FF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAF1C3D-535F-4667-AE25-5993459709C0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECFE797-20E1-407E-B749-9A758EE0D5C1}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9054822-0E09-481C-9540-687A254040D7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.05 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.11.05 08:27:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\14001.037 [2012.11.03 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.11.03 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.11.03 12:16:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Avira [2012.11.03 12:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.03 12:10:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.03 12:10:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.03 12:10:33 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.03 12:10:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.03 12:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.03 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.02 11:14:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\14001.036 [2012.10.31 20:19:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\14001.035 [2012.10.29 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\14001.034 [1 C:\Users\Sarah\AppData\Roaming\*.tmp files -> C:\Users\Sarah\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.05 18:33:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.05 18:31:37 | 000,000,051 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\blckdom.res [2012.11.05 18:28:49 | 000,065,758 | ---- | M] () -- C:\Users\Sarah\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.11.05 18:26:38 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable [2012.11.05 18:19:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.05 17:55:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.05 17:55:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.05 17:51:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279084071-3504927093-3720391642-1000UA.job [2012.11.05 17:40:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279084071-3504927093-3720391642-1000Core.job [2012.11.05 17:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.05 08:28:25 | 000,204,432 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe222.dll [2012.11.05 08:27:59 | 000,007,720 | ---- | M] () -- 
C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe222.dll [2012.11.04 16:17:07 | 000,654,194 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.04 16:17:07 | 000,299,746 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.04 16:17:07 | 000,130,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.04 16:17:07 | 000,037,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 12:10:43 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.03 12:09:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.03 12:08:51 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys [2012.10.29 17:39:36 | 000,007,720 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe.dll [2012.10.24 17:55:37 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\Desktop\Nr. 4 - 13 - Aufgabe und Lösungen sind Markiert.pdf [2012.10.24 17:54:50 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\Desktop\Nr. 1 - 3 - Aufgaben und Lösungen sind Markiert.pdf [1 C:\Users\Sarah\AppData\Roaming\*.tmp files -> C:\Users\Sarah\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.05 18:28:47 | 000,065,758 | ---- | C] () -- C:\Users\Sarah\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.11.05 18:26:38 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable [2012.11.05 08:27:59 | 000,007,720 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe222.dll [2012.11.05 08:27:58 | 000,204,432 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe222.dll [2012.11.03 12:10:43 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.29 17:39:36 | 000,007,720 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe.dll [2012.10.24 17:55:37 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\Desktop\Nr. 
4 - 13 - Aufgabe und Lösungen sind Markiert.pdf [2012.10.24 17:54:50 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\Desktop\Nr. 1 - 3 - Aufgaben und Lösungen sind Markiert.pdf [2012.07.12 13:10:46 | 000,000,051 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\blckdom.res [2012.07.03 19:10:03 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0tbpw.pad [2011.07.19 17:08:20 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat [2011.03.29 22:05:10 | 000,001,608 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\MyMicroBalanceConfig.ini [2011.01.07 21:06:06 | 000,474,772 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2010.12.30 23:54:41 | 000,114,749 | ---- | C] () -- C:\Windows\System32\cxts001.dll [2010.12.30 23:54:41 | 000,057,400 | ---- | C] () -- C:\Windows\System32\trs.dll [2010.12.30 23:54:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\OptCVw7.dll [2010.12.30 23:54:35 | 000,172,032 | ---- | C] () -- C:\Windows\System32\OptCVm6.dll [2010.12.30 23:54:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\OptCVa6.dll [2010.12.30 23:54:29 | 000,024,576 | ---- | C] () -- C:\Windows\System32\BS_Register.exe [2010.11.28 19:09:34 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini [2010.11.28 18:50:01 | 000,000,368 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.08.14 21:22:30 | 000,006,656 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.18 17:13:40 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat [2008.12.09 16:23:13 | 000,052,688 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\appConf32.exe [2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.02.18 19:49:50 | 000,000,000 | -HSD | M] -- C:\Users\Sarah\AppData\Roaming\.# [2012.07.12 13:10:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\10001.064 [2012.07.12 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\10001.065 [2012.07.15 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\10001.066 [2012.07.17 17:43:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\10001.067 [2012.10.29 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\14001.034 [2012.10.31 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\14001.035 [2012.11.02 11:14:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\14001.036 [2012.11.05 08:27:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\14001.037 [2012.05.08 07:07:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Ahuv [2011.10.22 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\BSW [2011.08.23 18:36:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite [2012.08.08 02:18:05 | 000,000,000 | ---D | M] -- 
C:\Users\Sarah\AppData\Roaming\HTC [2011.11.30 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.07.18 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ [2012.05.08 07:55:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Kiseax [2012.07.12 13:10:34 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kock [2010.02.18 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MAGIX [2010.06.26 12:57:17 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\My Games [2012.07.09 17:47:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org [2012.05.01 16:27:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Pazaak [2012.10.05 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Spotify [2010.02.19 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template [2012.02.07 21:14:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\toolplugin [2012.04.09 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j [2012.07.12 13:10:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > 2. 
Extras.txt from OTL
OTL Extras logfile created on: 05.11.2012 18:32:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,18 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 67,10% Memory free
6,35 Gb Paging File | 4,71 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 29,71 Gb Free Space | 7,00% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 18,92 Gb Free Space | 47,30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08AEA047-6B08-4A1C-ABC7-098414B59834}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1929C5BB-A958-4404-B86E-FF838A91D0E9}" = lport=10243 | protocol=6 | dir=in | app=system | "{34A60A81-ACD4-4909-95FA-32F1F789747A}" = rport=445 | protocol=6 | dir=out | app=system | "{4F9731E0-E330-41DD-831D-8AEF1B651E4D}" = lport=2869 | protocol=6 | dir=in | app=system | "{5043B824-D8A0-4EB0-BC9D-59E72A4E0DF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{571A34D3-4774-4FC1-9296-9F7BEB4AE4EE}" = lport=137 | protocol=17 | dir=in | app=system | "{5C0254B9-46E8-41ED-86E9-19CA847CFB84}" = rport=10243 | protocol=6 | dir=out | app=system | "{5D623B07-D012-4624-8D42-58E2AD0E1ED2}" = lport=138 | 
protocol=17 | dir=in | app=system | "{7FFA7627-79FF-4FC4-878E-71AB88EF06F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{89669CF9-BCE7-469F-BC80-A838B28D965F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{90471E59-C670-4942-A4A9-B5FC666252F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EB469CB-4007-4B55-B712-530F2BA0DC4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9F81F77C-B1E8-474B-9040-6AD9C3623773}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A86AA22B-F5D9-4C57-90C2-87E8AED2824F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEB48613-84A0-4749-9D85-403BAD0CFEB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF908692-7298-4136-89EA-FE85B27FB0FC}" = lport=2869 | protocol=6 | dir=in | app=system | "{DF559EC8-B702-4665-A011-80A3411F2D02}" = rport=138 | protocol=17 | dir=out | app=system | "{E16E2D01-9106-41F6-8C95-EF56862FF942}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E9AC9C18-46C5-4D3C-A29C-6951BC4B84CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F74E3D38-652B-40CD-ABA3-449C99BC7B11}" = rport=137 | protocol=17 | dir=out | app=system | "{FBA810DB-5A85-457A-AACF-7777F8ACA675}" = lport=445 | protocol=6 | dir=in | app=system | "{FC2B1D20-1D62-451C-9C37-74BD926C9325}" = lport=139 | protocol=6 | dir=in | app=system | "{FD9AAFF6-95C1-4658-AFBD-DE73B5158375}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051749A3-941C-45BD-9D67-D1671CD4AC4B}" = dir=in | 
app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{05C4F587-C347-4401-83B4-EC24E74A0051}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{09177468-F69A-4D95-8FA8-45690CCC8D6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1A4C2A7D-AF75-4E4B-BFE8-DA2BCF1DE83E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B13D6DA-D103-4385-ACB8-D992013583A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1DE6C278-947F-4BD4-BD08-1BF8A9AE02D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{252944AA-665A-41F4-8C8F-3819EF17B79A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27441884-2D9A-4077-A206-A505EA7AFC8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2A1E90BF-A72C-4A89-8715-5B52396E7D3C}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe | "{347C90F0-CD98-4C66-A4B8-CA9D9303002D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{362E8745-B0EE-47F5-A301-BBB82C5F6E92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{419F7A94-5917-4AE2-B6C5-3B8AB86ECAEF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46361ABC-4493-4294-9730-B0B8FEDFA71D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55FC11CC-7BE4-407E-9EE4-965AD8582507}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5F18B665-ADD4-4480-871F-3FE5A5BE4031}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{74894E83-B618-47A1-96D4-9AA34E1FF4EB}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe | "{76132283-57CC-43FA-9227-1A2DF359DB4D}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe | "{7907BCD7-51C3-4EB2-92C2-D17C03192EE7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{79BB3513-C2A4-4D78-BCD0-102CF51EE42D}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{80B75353-1CFC-4819-9591-85AAC2B5D658}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{80BD478D-25F9-4EA5-AB02-DB33B55A13FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89C22033-DE43-420F-AA4F-9AABD1E689F7}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{89C5E800-6D49-4A44-BE26-5B43C23D8CCE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{8AD133E9-6E69-448A-AD70-47E391584D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8ED6251B-7F02-4D0F-BCE6-F896EC8EC89E}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{93314015-C996-4617-8AEB-2F5B256A42E5}" = dir=in | app=c:\program files\itunes\itunes.exe | "{950C1DDF-0692-4E00-8BB2-DBEBEB774DA2}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe | "{9594A7C3-6DD4-4AE5-B0C7-324AA25687DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{98BC57C3-1E59-4960-AA87-3D4AA3F40041}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe | "{9AFEB2F9-75D4-4FC6-ADFF-FC2DD326C403}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9BB5FB5A-9CA7-4731-9848-A724F41B0563}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A00C5195-3745-4C8C-B60C-644F1C080E8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A0503848-FA2A-4DD4-AF3C-F6BB8A5F49CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6674EDF-7BEE-4E6C-95CC-DA2571CFFC87}" = protocol=6 | dir=out | app=system | "{B818C9F1-F8E6-4DE5-BCC1-DD5732BCD731}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CB9AFED4-1E2D-423A-9350-43C3EF9AFF4C}" = 
protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe | "{CD5E7FFC-2842-4888-ACC7-72F2E3DEC26D}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe | "{D12D33AB-F7C8-4263-B624-F0E06144C73D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E370A2F4-BA6F-4BE7-9E57-0407DC6131DE}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe | "{F9B14D53-7D0C-4E8A-BED0-3780CE3B84FF}" = dir=in | app=c:\users\sarah\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{0D517ED6-9A00-41D2-BA5F-9BFFE6623F15}C:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe | "TCP Query User{2527665B-9194-4F0D-9AF8-46A5995DC5D1}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{2BF38636-39ED-4497-A905-4D353061A17D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{40712D95-7DE2-400E-BFB5-C3C5970908EE}C:\users\sarah\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\spotify\spotify.exe | "TCP Query User{CA3EC9C7-FC10-41A5-80D2-014C77BC3F2E}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{DD784A67-707E-4B84-BFA5-5137A734B855}C:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe | "UDP Query User{10662105-FD2A-4DB6-945A-7279DDDC1AEA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{741BC05B-18B6-4250-96E1-30D53066214E}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query 
User{A4AF7FEF-7D6E-4368-B6E2-97E1A0371E78}C:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe | "UDP Query User{D00EBC80-B1DD-4BA7-8F35-0F5FE95BCF53}C:\users\sarah\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\spotify\spotify.exe | "UDP Query User{EFEFB93E-83D3-4E22-BCEA-3EDFC1D87265}C:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\xhaexbmjhhwvaxyqx1fajcn1pgjqpc1j\svcnost.exe | "UDP Query User{FBEEB5DC-941C-4137-B54B-E4088CCB44CF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications 
Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared 
MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = 
Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFC Online_is1" = AFC Online 2,7,0,3 [version: Standard] "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Avira AntiVir Desktop" = Avira Free Antivirus "BSW" = BrettspielWelt "Caesar 3" = Caesar 3 "Clickster16342" = Clickster "Crossword Construction Kit" = Crossword Construction Kit "DivX Setup" = DivX-Setup "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema 
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "Pixum Fotobuch" = Pixum Fotobuch "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "toolplugin" = toolplugin "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.1.4 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.08.2012 01:02:49 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2121 Error - 23.08.2012 01:02:50 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 23.08.2012 01:02:50 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3166 Error - 23.08.2012 
01:02:50 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3166 Error - 23.08.2012 01:02:51 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 23.08.2012 01:02:51 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4227 Error - 23.08.2012 01:02:51 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4227 Error - 23.08.2012 01:02:52 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 23.08.2012 01:02:52 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5288 Error - 23.08.2012 01:02:52 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5288 [ OSession Events ] Error - 14.03.2010 12:44:32 | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8196 seconds with 360 seconds of active time. This session ended with a crash. [ System Events ] Error - 07.08.2012 21:13:11 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 09.08.2012 10:36:49 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. 
Error - 17.08.2012 11:00:42 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 17.08.2012 11:00:42 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 27.09.2012 00:44:04 | Computer Name = Sarah-PC | Source = volsnap | ID = 393283 Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden. Error - 10.10.2012 01:18:15 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010 Description = Error - 18.10.2012 15:43:26 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 19.10.2012 01:17:21 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 19.10.2012 19:47:32 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0) Error - 27.10.2012 14:35:08 | Computer Name = Sarah-PC | Source = Virtual Disk Service | ID = 33554441 Description = < End of report > 3. 
gmer.txt
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-05 19:42:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: 8dg0y0sn.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\kwloypow.sys

---- System - GMER 1.0.15 ----

SSDT B3CA17CE ZwCreateSection
SSDT B3CA17D8 ZwRequestWaitReplyPort
SSDT B3CA17D3 ZwSetContextThread
SSDT B3CA17DD ZwSetSecurityObject
SSDT B3CA17E2 ZwSystemDebugControl
SSDT B3CA176F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E88A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC24D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC962C 4 Bytes [CE, 17, CA, B3]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EC9988 4 Bytes [D8, 17, CA, B3]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EC99CC 4 Bytes [D3, 17, CA, B3]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EC9A48 4 Bytes [DD, 17, CA, B3]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EC9A9C 4 Bytes [E2, 17, CA, B3]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[448] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Windows\System32\igfxtray.exe[460] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[468] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Windows\System32\hkcmd.exe[1192] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Windows\System32\igfxpers.exe[1220] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text ...
.text C:\Windows\Explorer.EXE[1484] kernel32.dll!CreateProcessW 75FF204D 5 Bytes JMP 01E352AB
.text C:\Windows\system32\taskhost.exe[1692] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1960] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Program Files\Launch Manager\OSD.exe[1984] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Program Files\Launch Manager\WButton.exe[2016] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2024] ntdll.dll!NtClearEvent + F 772954C7 1 Byte [00]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@alive 0x13 0xA0 0x37 0x2F ...

---- EOF - GMER 1.0.15 ----

I would be very grateful for help, because I am completely stuck. Many thanks in advance!!!