Caught the police virus

Hello. After my laptop caught the lovely police virus yesterday, the laptop was of course locked. What a pain; luckily this is my first virus. Anyway, using a second PC and a Google search I was able to find your forum and the notes on the virus. I have already downloaded, installed and run the program Malwarebytes Anti-Malware. After installation the program wanted to update itself, but following your advice I had disabled the Internet connection. As a result the program could not update, but the computer at least runs (supposedly?) normally. I have already noticed, however, that the Task Manager cannot be opened. The scan produced the following log file: Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.09.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
MEINNAME :: MEINNAME-PC [Administrator]

27.10.2012 00:13:21
mbam-log-2012-10-27 (16-12-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413197
Laufzeit: 12 Stunde(n), 30 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 3780 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\02 - Programmspeicher\MathType v5.2a\l-dsm52a\keygen.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
C:\Users\MEINNAME\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
```

A screenshot of the displayed screen is attached. Can you help me with how I should proceed now? Thanks in advance.

To be on the safe side, I also downloaded the latest "mbam-rules.exe" 2012.10.22, transferred it to the laptop and started the scan again. Let's see whether the result changes.

This allowed me to reinstall the malware program and run the update in the process. After another full scan of the C drive, the log file now looks as follows: Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.10.27.06

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
MEINNAME :: MEINNAME-PC [Administrator]

28.10.2012 00:32:35
mbam-log-2012-10-28 (01-42-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388308
Laufzeit: 1 Stunde(n), 7 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\MEINNAME\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
```

After that I started the laptop in normal mode again and lo and behold: the Internet connection has also been working this way for a good 10 minutes without the LOCKED page appearing. I am writing this post right now on the "infected" computer.
The Task Manager still cannot be opened, though. I will now go ahead with defogger etc. in the meantime. Please get back to me urgently on how I should continue, because the findings identified in the malware program have still not been dealt with. So here are the logs from OTL:
C:\Windows\System32\drivers\MiniIcpt.sys [2012.10.14 11:14:48 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.10.14 11:13:21 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.10.13 22:44:51 | 000,021,907 | ---- | M] () -- C:\Users\MEINNAME\Desktop\https .pdf ========== Files Created - No Company Name ========== [2012.10.29 22:40:24 | 000,050,477 | ---- | C] () -- C:\Users\MEINNAME\Desktop\Defogger.exe [2012.10.29 00:13:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.10.28 01:17:55 | 000,000,000 | ---- | C] () -- C:\Users\MEINNAME\defogger_reenable [2012.10.28 00:47:29 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys [2012.10.26 21:34:46 | 000,000,778 | ---- | C] () -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.10.26 21:34:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.10.13 22:44:50 | 000,021,907 | ---- | C] () -- C:\Users\MEINNAME\Desktop\https .pdf [2012.01.08 19:48:58 | 000,845,151 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.09.11 20:54:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.05.07 12:14:58 | 000,000,156 | ---- | C] () -- C:\Windows\JIXXA.INI [2010.10.13 19:35:10 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.10.13 19:34:39 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.01.09 19:59:53 | 000,004,096 | -H-- | C] () -- C:\Users\MEINNAME\AppData\Local\keyfile3.drm [2009.04.07 15:35:34 | 000,000,680 | ---- | C] () -- C:\Users\MEINNAME\AppData\Local\d3d9caps.dat [2008.10.12 01:05:22 | 000,160,768 | ---- | C] () -- C:\Users\MEINNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.14 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Amazon [2012.05.24 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Broad Intelligence [2012.01.24 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Buhl Data Service [2012.01.24 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Buhl Data Service GmbH [2012.07.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\calibre [2012.10.08 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Canon [2009.12.21 23:02:33 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Design Science [2012.10.14 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoft [2012.10.14 10:59:50 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.16 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\elsterformular [2009.10.24 13:39:16 | 000,000,000 | ---D | M] -- 
C:\Users\MEINNAME\AppData\Roaming\Engelmann Media [2009.10.23 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Gaijin Ent [2011.09.09 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Gutscheinmieze [2011.01.23 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Juniper Networks [2009.09.13 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\ScanSoft [2011.05.29 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Sony [2011.05.29 21:40:46 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Sony Setup [2008.10.12 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\The Longest Journey ========== Purity Check ========== < End of report > [/CODE] and the extra log: OTL Logfile: Code:
OTL Extras logfile created on: 29.10.2012 22:56:05 - Run 1 OTL by OldTimer - Version Folder = C:\Users\MEINNAME\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,07% Memory free 6,18 Gb Paging File | 4,54 Gb Available in Paging File | 73,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,09 Gb Total Space | 14,72 Gb Free Space | 14,71% Space Free | Partition Type: NTFS Drive D: | 188,00 Gb Total Space | 79,12 Gb Free Space | 42,08% Space Free | Partition Type: NTFS Computer Name: MEINNAME-PC | User Name: MEINNAME | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 
0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BA37BE-581E-4CA1-A885-2BE55D0CDAAE}" = rport=445 | protocol=6 | dir=out | app=system | "{27CBA83E-24FB-47B7-AB39-C2D21F2C10C5}" = rport=138 | protocol=17 | dir=out | app=system | "{6013CB4F-D619-4942-96B0-7419A6B67D77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{71DD9408-BE7A-4478-A899-EA40AE984212}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{76D83794-88E5-4F4E-BF4A-1E5A406E6BCD}" = lport=139 | protocol=6 | dir=in | app=system | "{7B8E84F6-F4AC-4526-B4DE-2F72F529402F}" = lport=138 | protocol=17 | dir=in | app=system | "{83886093-F2E2-47B5-805C-509C5B3FF19E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9C12F136-D267-4286-8058-DBFCBB1E1FF2}" = lport=445 | protocol=6 | dir=in | app=system | "{A070F910-020B-4403-8833-51F234DCCACF}" = lport=137 | protocol=17 | dir=in | app=system | "{C2788323-F215-46EA-8497-F93AEE7125B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DC334A47-49EE-4168-A9AE-7686538340EB}" = rport=137 | protocol=17 | dir=out | app=system | "{E8EC0BF9-9E63-4AE9-9754-FC91268F7886}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0862D3C8-6FD6-48E3-AF51-9EF96BA01B5D}" = 
protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{0E2A610A-3F30-42C6-88CC-E0BEA05BA030}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F90F335-4F5C-424C-874E-24CF4B028E25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{621A2B46-8157-4EF9-8440-841603185647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{68292D8E-6F7F-496C-8A75-B84E04301A67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{69454F7E-3C56-4698-B9CC-C819E49BADDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{786EFEAE-B606-4FFC-B506-CA53F1E83496}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8B94E913-8A09-4155-AA5B-7AAFFE03452B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{9627A86C-3D3A-40F1-8665-0847C23BD90E}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{C7883114-BD0D-403A-A7E5-2D6B289DFD4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D88B413F-BC9F-45DA-982A-570FD0753D94}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "TCP Query User{4A53400A-844A-4630-94C2-7CF75F8712A9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{AF6B1500-B486-44BA-B4D4-46BCC103F8BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4313D206-083D-41D2-896E-E64147D65A6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{8B848712-16C8-4F8A-AC77-325A1FC91D34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional "{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28FAC14D-695D-3307-AADC-FD40EEFB2574}" = Microsoft Visual Studio 2008 Standard Edition - DEU "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00 "{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU 
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{58577F87-E3BB-4959-8A85-9122CF3F8ED8}" = avi.NET "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista "{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_VISSTDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_VISSTDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISSTDR_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VISSTDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007 "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1D6721B-9C28-4E3F-9DE1-C6584B99465D}" = Intel(R) PROSet/Wireless 
WiFi-Software "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAF2D4ED-864D-4921-9699-0632B81AB577}" = Paint.NET v2.61 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series "{AE75AF6A-22AC-4497-AE20-9FA4F4B10043}" = Netviewer Support "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{B2E76121-9E0D-49B4-894F-2C7B7D9E6A8F}" = calibre "{B40DCEFF-9B7B-4c36-B4FA-6CE7EABFB4B8}" = K5400 "{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications 
Platform "{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU "{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext "{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "7-Zip" = 7-Zip 4.65 "AC3Filter" = AC3Filter (remove only) "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo MP3 AudioCenter" = Ashampoo MP3 AudioCenter "Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DSMT5" = MathType 5 "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Edraw Network Diagram_is1" = Edraw Network Diagram 5.1 "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FastStone Capture" = FastStone 
Capture 5.3 "FILEminimizer Suite_is1" = FILEminimizer Suite "Free 3GP Video Converter_is1" = Free 3GP Video Converter version "Free AVI Video Converter_is1" = Free AVI Video Converter version "Free Disc Burner_is1" = Free Disc Burner version "Free DVD Video Converter_is1" = Free DVD Video Converter version "Free Video to DVD Converter_is1" = Free Video to DVD Converter version "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "FreePDF_XP" = FreePDF (Remove only) "GM(S) - Toolbar" = GM(S) - Toolbar "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0 "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0 "Mahjongg Artifacts" = Mahjongg Artifacts "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "MediaCoder" = MediaCoder 0.8.12 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft Visual Studio 2008 Standard Edition - DEU" = Microsoft Visual Studio 2008 Standard Edition - DEU "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MP Navigator 3.0" 
= Canon MP Navigator 3.0 "MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "SimpleDivX_is1" = SimpleDivX "Soldier of Fortune" = Soldier of Fortune "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall "Update Engine" = Sony Ericsson Update Engine "VISSTDR" = Microsoft Office Visio Standard 2007 "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VideoLAN VLC media player 0.8.4a "VobSub" = VobSub v2.23 (Remove Only) "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional "Works2003Setup" = Microsoft Works 2003-Setup-Start "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks Setup Client "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.10.2012 18:24:15 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 27.10.2012 19:49:17 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 27.10.2012 20:20:57 | Computer Name = MEINNAME-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SynTPEnh.exe, Version, Zeitstempel 0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version, Zeitstempel 0x472258c9, Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc, Prozess-ID 0xd0c, Anwendungsstartzeit 01cdb49d80cac401. 
Error - 27.10.2012 20:26:09 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 27.10.2012 20:37:24 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 28.10.2012 13:02:51 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 28.10.2012 19:20:37 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 29.10.2012 16:53:18 | Computer Name = MEINNAME-PC | Source = WinMgmt | ID = 10 Description = Error - 29.10.2012 16:57:36 | Computer Name = MEINNAME-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1b94 Anfangszeit: 01cdb617ccb3d7f6 Zeitpunkt der Beendigung: 187 Error - 29.10.2012 17:43:29 | Computer Name = MEINNAME-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SynTPEnh.exe, Version, Zeitstempel 0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version, Zeitstempel 0x472258c9, Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc, Prozess-ID 0x880, Anwendungsstartzeit 01cdb6174bf076f6. [ Media Center Events ] Error - 19.06.2012 14:39:33 | Computer Name = MEINNAME-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ OSession Events ] Error - 02.02.2009 05:27:41 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2721 seconds with 1620 seconds of active time. This session ended with a crash. 
Error - 23.01.2010 10:02:25 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 7933 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.02.2010 08:57:32 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21200 seconds with 360 seconds of active time. This session ended with a crash. Error - 26.05.2010 17:08:00 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.05.2010 17:33:18 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 581 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.02.2011 18:31:11 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84 seconds with 60 seconds of active time. This session ended with a crash. Error - 23.02.2011 16:18:27 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error - 25.10.2011 13:40:37 | Computer Name = MEINNAME-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 27.10.2012 20:43:24 | Computer Name = MEINNAME-PC | Source = Service Control Manager | ID = 7022 Description = Error - 27.10.2012 20:53:33 | Computer Name = MEINNAME-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 28.10.2012 04:47:26 | Computer Name = MEINNAME-PC | Source = Service Control Manager | ID = 7043 Description = Error - 28.10.2012 13:02:49 | Computer Name = MEINNAME-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 28.10.2012 13:02:51 | Computer Name = MEINNAME-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.10.2012 19:20:38 | Computer Name = MEINNAME-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.10.2012 19:23:51 | Computer Name = MEINNAME-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 29.10.2012 16:53:20 | Computer Name = MEINNAME-PC | Source = Service Control Manager | ID = 7000 Description = Error - 29.10.2012 16:55:15 | Computer Name = MEINNAME-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 29.10.2012 17:03:07 | Computer Name = MEINNAME-PC | Source = DCOM | ID = 10010 Description = < End of report >
And finally the log from GMER: Code:
ATTFilter GMER Logfile:
Do I still need to do anything to fix the problem? In the meantime I have been able to update my G Data Internet Security 2013 again. Every time the laptop starts, this message now appears:
"RunDLL" Fehler beim Laden von C:\Users\ALEXAN~1\AddData\Local\Temp\wgsdgsdgdsgsd.exe Das angegebene Modul wurde nicht gefunden
The file was probably deleted when, after Defogger and OTL, I also ran my antivirus program over the system and it recommended deleting the file. Apart from this error message I have not noticed any other unusual behaviour on the PC. Would you please help me deal with this conclusively?

Caught the police virus
So here are the logs from OTL:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2012 22:56:05 - Run 1 OTL by OldTimer - Version Folder = C:\Users\MEINNAME\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,07% Memory free 6,18 Gb Paging File | 4,54 Gb Available in Paging File | 73,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,09 Gb Total Space | 14,72 Gb Free Space | 14,71% Space Free | Partition Type: NTFS Drive D: | 188,00 Gb Total Space | 79,12 Gb Free Space | 42,08% Space Free | Partition Type: NTFS Computer Name: MEINNAME-PC | User Name: MEINNAME| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.29 00:13:50 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.10.28 18:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G 
Data\GDScan\GDScan.exe PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.06.08 08:12:36 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.22 09:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.04.17 07:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe ========== Modules (No Company Name) ========== MOD - [2009.06.10 20:08:45 | 000,140,800 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.08 08:12:36 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.10.14 11:19:55 | 000,050,080 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2012.10.14 11:14:48 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- 
(GDMnIcpt) DRV - [2012.10.14 11:14:48 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave) DRV - [2012.10.14 11:13:21 | 000,053,664 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2012.07.03 20:52:41 | 000,030,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2012.07.01 14:54:13 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.03.18 12:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2011.03.18 12:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010.06.08 07:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010.03.15 10:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2010.03.15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) DRV - [2010.03.15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) DRV - [2010.03.15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2010.03.15 10:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) DRV - [2010.03.15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) DRV - [2010.03.15 10:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2009.10.26 04:47:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.01.23 12:32:34 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.07.27 03:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.23 22:52:20 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.05.08 10:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo) DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox 
========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.search.order.1: "Google" FF - user.js..browser.search.defaultenginename: "Google" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Program Files\Netviewer\Support\Plugin\FF plugin\NVFFSupport [2010.10.01 08:42:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.29 21:45:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 21:10:27 | 000,000,000 | ---D | M] [2010.01.22 23:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Extensions [2012.09.30 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions [2012.07.01 18:01:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.30 11:31:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012.09.30 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.14 11:13:19 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.14 11:13:19 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} 
[2011.05.30 00:01:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.01.25 10:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2011.04.28 20:21:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.28 20:21:27 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.09 21:10:27 | 000,000,140 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Google.src [2011.04.28 20:21:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.28 20:21:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.28 20:21:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.23 17:40:03 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEINNAME\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEINNAME\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows 
Defender\MSASCui.exe (Microsoft Corporation) O4 - Startup: C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rc.hydro.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D424496-B821-4238-8BD3-5B473D552AAA}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0B2BBE-9C89-465D-91EC-5ED0DF796580}: DhcpNameServer = O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{20db4c67-fd2b-11df-99f6-001377b06bbd}\Shell - "" = AutoRun O33 - MountPoints2\{20db4c67-fd2b-11df-99f6-001377b06bbd}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{6141c3c5-f7b3-11de-9683-001377b06bbd}\Shell\AutoRun\command - "" = G:\installer.exe O33 - MountPoints2\{6141c3c5-f7b3-11de-9683-001377b06bbd}\Shell\verb\command - "" = G:\installer.exe O33 - MountPoints2\{a83831a9-f4be-11de-9d0b-001377b06bbd}\Shell - "" = AutoRun O33 - MountPoints2\{a83831a9-f4be-11de-9d0b-001377b06bbd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 18:57:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe [2012.10.27 16:50:12 | 000,000,000 | ---D | C] -- 
C:\Users\MEINNAME\Desktop\Fehler [2012.10.26 23:04:12 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Malwarebytes [2012.10.26 23:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.26 23:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.26 23:03:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.26 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.26 21:34:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.10.14 10:59:38 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.10.03 09:29:23 | 000,000,000 | ---D | C] -- C:\Anleitung zum Männlichsein - A.Lebert & S. Lebert [2012.09.30 13:25:04 | 000,000,000 | ---D | C] -- C:\Anleitung zum Männlichsein [2012.09.30 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\assembly [2012.09.30 12:17:05 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Add-in Express [2012.09.30 12:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 7.0 [2012.09.30 12:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\FILEminimizer Suite [2012.09.30 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FILEminimizer [2011.04.10 13:27:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5E28.dll ========== Files - Modified Within 30 Days ========== [2012.10.29 23:26:02 | 000,090,111 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.10.29 23:10:06 | 000,090,111 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.10.29 22:40:24 | 000,050,477 | ---- | M] () -- C:\Users\MEINNAME\Desktop\Defogger.exe [2012.10.29 21:59:33 | 000,629,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.29 21:59:33 | 000,596,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2012.10.29 21:59:33 | 000,126,732 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.29 21:59:33 | 000,104,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.29 21:58:55 | 000,845,151 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.10.29 21:58:55 | 000,045,465 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.10.29 21:52:29 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 21:52:29 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 21:52:25 | 000,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2012.10.29 21:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.29 21:51:28 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys [2012.10.29 00:42:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.29 00:14:09 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.10.29 00:14:09 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.10.29 00:13:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.10.28 18:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe [2012.10.28 01:17:55 | 000,000,000 | ---- | M] () -- C:\Users\MEINNAME\defogger_reenable [2012.10.26 21:48:37 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.10.26 21:34:46 | 000,000,778 | ---- | M] () -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.10.18 06:37:52 | 000,160,768 | ---- | M] () -- C:\Users\MEINNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.14 11:19:55 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.10.14 11:14:48 | 000,093,728 | ---- | M] (G Data Software AG) -- 
C:\Windows\System32\drivers\MiniIcpt.sys [2012.10.14 11:14:48 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.10.14 11:13:21 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.10.13 22:44:51 | 000,021,907 | ---- | M] () -- C:\Users\MEINNAME\Desktop\https .pdf ========== Files Created - No Company Name ========== [2012.10.29 22:40:24 | 000,050,477 | ---- | C] () -- C:\Users\MEINNAME\Desktop\Defogger.exe [2012.10.29 00:13:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.10.28 01:17:55 | 000,000,000 | ---- | C] () -- C:\Users\MEINNAME\defogger_reenable [2012.10.28 00:47:29 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys [2012.10.26 21:34:46 | 000,000,778 | ---- | C] () -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.10.26 21:34:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.10.13 22:44:50 | 000,021,907 | ---- | C] () -- C:\Users\MEINNAME\Desktop\https .pdf [2012.01.08 19:48:58 | 000,845,151 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.09.11 20:54:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.05.07 12:14:58 | 000,000,156 | ---- | C] () -- C:\Windows\JIXXA.INI [2010.10.13 19:35:10 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.10.13 19:34:39 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.01.09 19:59:53 | 000,004,096 | -H-- | C] () -- C:\Users\MEINNAME\AppData\Local\keyfile3.drm [2009.04.07 15:35:34 | 000,000,680 | ---- | C] () -- C:\Users\MEINNAME\AppData\Local\d3d9caps.dat [2008.10.12 01:05:22 | 000,160,768 | ---- | C] () -- C:\Users\MEINNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.14 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Amazon [2012.05.24 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Broad Intelligence [2012.01.24 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Buhl Data Service [2012.01.24 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Buhl Data Service GmbH [2012.07.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\calibre [2012.10.08 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Canon [2009.12.21 23:02:33 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Design Science [2012.10.14 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoft [2012.10.14 10:59:50 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.16 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\elsterformular [2009.10.24 13:39:16 | 000,000,000 | ---D | M] -- 
C:\Users\MEINNAME\AppData\Roaming\Engelmann Media [2009.10.23 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Gaijin Ent [2011.09.09 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Gutscheinmieze [2011.01.23 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Juniper Networks [2009.09.13 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\ScanSoft [2011.05.29 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Sony [2011.05.29 21:40:46 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Sony Setup [2008.10.12 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\The Longest Journey ========== Purity Check ========== < End of report >

and the extra log:

OTL Logfile: Code:
OTL Extras logfile created on: 29.10.2012 22:56:05 - Run 1 OTL by OldTimer - Version Folder = C:\Users\MEINNAME\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,07% Memory free 6,18 Gb Paging File | 4,54 Gb Available in Paging File | 73,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,09 Gb Total Space | 14,72 Gb Free Space | 14,71% Space Free | Partition Type: NTFS Drive D: | 188,00 Gb Total Space | 79,12 Gb Free Space | 42,08% Space Free | Partition Type: NTFS Computer Name: MEINNAME-PC | User Name: MEINNAME | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 
0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BA37BE-581E-4CA1-A885-2BE55D0CDAAE}" = rport=445 | protocol=6 | dir=out | app=system | "{27CBA83E-24FB-47B7-AB39-C2D21F2C10C5}" = rport=138 | protocol=17 | dir=out | app=system | "{6013CB4F-D619-4942-96B0-7419A6B67D77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{71DD9408-BE7A-4478-A899-EA40AE984212}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{76D83794-88E5-4F4E-BF4A-1E5A406E6BCD}" = lport=139 | protocol=6 | dir=in | app=system | "{7B8E84F6-F4AC-4526-B4DE-2F72F529402F}" = lport=138 | protocol=17 | dir=in | app=system | "{83886093-F2E2-47B5-805C-509C5B3FF19E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9C12F136-D267-4286-8058-DBFCBB1E1FF2}" = lport=445 | protocol=6 | dir=in | app=system | "{A070F910-020B-4403-8833-51F234DCCACF}" = lport=137 | protocol=17 | dir=in | app=system | "{C2788323-F215-46EA-8497-F93AEE7125B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DC334A47-49EE-4168-A9AE-7686538340EB}" = rport=137 | protocol=17 | dir=out | app=system | "{E8EC0BF9-9E63-4AE9-9754-FC91268F7886}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0862D3C8-6FD6-48E3-AF51-9EF96BA01B5D}" = 
protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{0E2A610A-3F30-42C6-88CC-E0BEA05BA030}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F90F335-4F5C-424C-874E-24CF4B028E25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{621A2B46-8157-4EF9-8440-841603185647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{68292D8E-6F7F-496C-8A75-B84E04301A67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{69454F7E-3C56-4698-B9CC-C819E49BADDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{786EFEAE-B606-4FFC-B506-CA53F1E83496}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8B94E913-8A09-4155-AA5B-7AAFFE03452B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{9627A86C-3D3A-40F1-8665-0847C23BD90E}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{C7883114-BD0D-403A-A7E5-2D6B289DFD4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D88B413F-BC9F-45DA-982A-570FD0753D94}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "TCP Query User{4A53400A-844A-4630-94C2-7CF75F8712A9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{AF6B1500-B486-44BA-B4D4-46BCC103F8BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4313D206-083D-41D2-896E-E64147D65A6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{8B848712-16C8-4F8A-AC77-325A1FC91D34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional "{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28FAC14D-695D-3307-AADC-FD40EEFB2574}" = Microsoft Visual Studio 2008 Standard Edition - DEU "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00 "{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU 
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{58577F87-E3BB-4959-8A85-9122CF3F8ED8}" = avi.NET "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista "{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_VISSTDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_VISSTDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISSTDR_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VISSTDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007 "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1D6721B-9C28-4E3F-9DE1-C6584B99465D}" = Intel(R) PROSet/Wireless 
And finally, the log from gmer:

Now that my computer has been behaving normally again since the weekend, I put the question to the experts: Can you see whether the laptop is clean now? Do I still need to do anything to fix the problem? In the meantime I have also been able to update my G Data Internet Security 2013 again. When the laptop starts, the following message now always appears:

"RunDLL" Fehler beim Laden von C:\Users\ALEXAN~1\AddData\Local\Temp\wgsdgsdgdsgsd.exe Das angegebene Modul wurde nicht gefunden

The file was probably deleted when, after Defogger and OTL, I also ran my antivirus program over the system and it recommended deleting the file. Apart from this error message, I have not noticed any other unusual behaviour of the PC. Would you please help me deal with the matter once and for all?
/// Winkelfunktion /// TB-Süch-Tiger™
Code:
C:\02 - Programmspeicher\MathType v5.2a\l-dsm52a\keygen.exe (Riskware.Keygen)
See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are dangerous malware 99.9% of the time and are not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Please always post log files in CODE tags
Hm, hello, I take that as a serious pointer and good advice from an expert - which it is, haha :-/ I deleted the thing immediately. To hopefully still get some immediate benefit beyond that: What do you say about the error message "RunDLL" Fehler beim Laden von C:\Users\MEINNAME\AddData\Local\Temp\wgsdgsdgdsgsd.exe Das angegebene Modul wurde nicht gefunden ? I also want to avoid further blunders, so I will add right away that I posted this thread here because, unfortunately, nobody responded to my thread http://www.trojaner-board.de/126207-...ngefangen.html. In addition, I was no longer able to redact my name in the log files etc. there afterwards. I have tried to do that here. You are welcome to close the thread mentioned; I did not see an option to do so myself. If, because of your principles, you no longer want to help me here, that is okay with me. In that case, please close the thread. Thanks.
#6
/// Winkelfunktion /// TB-Süch-Tiger™ Quote:
Since you are a keygen user, the only help you will get here from now on is with data recovery and reinstalling the operating system
__________________
Hello cosinus, with all due respect to your professionalism. Anyone who has ever crossed the street at a red light while a child was watching has few valid arguments. I point out once again that the software/the keygen was not the trigger of the infection; rather, my G Data Internet Security 2012 had expired just 3 days earlier! As a serious user I accept your renewed and clear lecture, but on a human level I do not agree with a "that's what you get". Feel free to close this thread, I am withdrawing. Last edited by lengischer (12.11.2012 at 20:20)
#8
/// Winkelfunktion /// TB-Süch-Tiger™ Quote:
__________________ Please always post log files in CODE tags
How am I supposed to convey that I have understood your warning? I took from your statement that further support, other than reinstallation, is not on offer, since I "am a keyuser". "Offended?" ..... Woosah. Neither of us wants this to get personal; that does not get us anywhere. Agreed? So: Will you provide further specific support to clean my system?
#10
/// Winkelfunktion /// TB-Süch-Tiger™ Quote:
__________________ Please always post log files in CODE tags
Yes, you know what was meant. Quote:
Long story short: Quote:
#12
/// Winkelfunktion /// TB-Süch-Tiger™ Quote:
__________________ Please always post log files in CODE tags
Morning. Possible; when reading the threads one reads quite a few things that one cannot find again afterwards. Still: no further questions, Your Honour.
