|
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner wgsdgsdgdsdsd.dll h1n1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.12.2012, 19:16 | #1 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hallo, habe mir wohl auch leider den Virus, der hier schon häufig als "GVU-Trojaner" bezeichnet worden ist, eingefangen, Nach dem Start des Computers kam der bekannte Bildshcirm mit der Aufforderung einen bestimmten Betrag zu überweisen. Habe den PC dann einfach mit dem An-/Ausschalter neu gestartet. Läuft vom Grundsatz auch, aber das Virenprogramm (Antivir) macht Zicken und das Sichwerheitscenter von Windows 7 kann ich auch nicht öffnen/aktivieren. Habe zudem versucht, den PC per Wiederherstellungspunkt zurückzusetzen, ist aber auch misslungen. Beim Neustart bekomme ich zudem eine Meldung, dass das angegebene Modul wgsdgsdgdsgsd.dll nicht gefunden wurde. Es wäre nett, wenn mir hier jemand aus der Patsche helfen könnte. Vielen Dank arniek |
27.12.2012, 19:20 | #2 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
27.12.2012, 21:25 | #3 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 OK. Hier ist dewr Log von Malwarebytes:
__________________Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.12.27.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Arne :: ARNE-PC [Administrator] 27.12.2012 19:39:19 mbam-log-2012-12-27 (21-12-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 417463 Laufzeit: 1 Stunde(n), 19 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 12 C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\1504cc09b827d9ddaf53508828ea9e1cd33cf\MahjongEscapeAncientChina.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\1b19f3b01c9b4896f3d033d25f91dbd371ed53\Sparkle.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\204037809ccaa79498752b3250326df1472184f\AlabamaSmithFluchtAusPompeji.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\23f87717e226aaa8328aa4a1e1ffa6cb5fd2c851\DasVermaechtnisDesEinhorns.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\333e317d015dddf3c41781158d3976ea9b61\ZenGems.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\337fd595c0f8a89c39f7a9de60f896887354cef\Annabel.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\345a66328d6d431f8eef13dd1c2f1c8292c965\LauraJones.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\6351048f368ba5d7f2686105bfac571222ea9\BuildALot.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\ac459185b20e65bb4116c2739bd275bd769e5f7\PeggleDeluxe.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\d63663e9b684ba1d2817c13b4699ebdd6831a\AliceGreenfingers2.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\de205a8da4532ac654f12ffc11444f5d8ca10f6\YoudaFarmer.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. (Ende) Und hier das Ergebnis von OLT.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.12.2012 21:16:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arne\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,39% Memory free 6,50 Gb Paging File | 5,03 Gb Available in Paging File | 77,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 837,99 Gb Free Space | 92,05% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,16 Gb Free Space | 55,81% Space Free | Partition Type: NTFS Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arne\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (Winmgmt) -- C:\Users\Arne\wgsdgsdgdsgsd.dll File not found SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (adiusbaw) -- system32\DRIVERS\adiusbaw.sys File not found DRV - (adiusbae) -- system32\DRIVERS\adiusbae.sys File not found DRV - (ADILOADER) -- System32\Drivers\adildr.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data] IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/hxxp://www.google.de/ [binary data] IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{2C821ED5-A5A5-4AA9-849B-CFDB3815BA8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{FF11B7C6-119A-4B39-90FD-39D871A40618}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_ptnrs=&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E&apn_dtid=OSJ000&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 20:16:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.15 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions [2010.11.01 19:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.11 21:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\wtfjwvog.default\extensions [2012.09.21 22:01:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\wtfjwvog.default\extensions\toolbar@ask.com [2012.11.18 10:33:04 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\extensions\toolbar@web.de.xpi [2012.12.11 21:25:04 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.18 10:33:06 | 000,000,911 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\11-suche.xml [2012.09.21 22:01:46 | 000,002,299 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\askcom.xml [2012.11.18 10:33:06 | 000,002,273 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\englische-ergebnisse.xml [2012.11.18 10:33:06 | 000,010,563 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\gmx-suche.xml [2012.11.18 10:33:06 | 000,002,432 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\lastminute.xml [2012.11.18 10:33:06 | 000,005,545 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\webde-suche.xml [2012.12.07 20:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 20:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.10.28 20:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [adiras] adiras.exe File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D83F242-C9CA-469F-809D-E2294A1CA395}: NameServer = 89.246.64.8 62.220.18.8 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 19:36:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.12.27 19:36:38 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes [2012.12.27 19:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.27 19:36:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.27 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.27 19:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.27 17:52:34 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.27 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Avira [2012.12.27 17:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.27 17:32:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.12.27 17:32:25 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.12.27 17:32:25 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.12.27 17:32:25 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.12.27 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.27 17:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.12.26 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\ACD Systems [2012.12.26 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\ACD Systems [2012.12.26 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems [2012.12.26 12:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems [2012.12.26 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems [2012.12.26 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems [2012.12.26 12:07:43 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Downloaded Installations [2012.12.21 16:01:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.21 16:01:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.19 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\ImgBurn [2012.12.15 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Orneon [2012.12.15 18:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.12.13 16:29:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.13 16:29:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.13 16:29:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.13 16:29:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.13 16:29:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.13 16:29:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.13 16:29:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.13 16:29:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.13 10:45:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.13 10:45:27 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.13 10:45:27 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.13 10:45:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.13 10:45:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 10:45:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 10:45:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 10:45:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.13 10:45:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.13 10:45:09 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.13 10:45:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.11 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das Schloss der Schatten [2012.12.11 21:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das Schloss der Schatten [2012.12.11 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das versteinerte Koenigshaus [2012.12.11 21:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das versteinerte Koenigshaus [2012.12.11 19:49:52 | 000,121,376 | ---- | C] (Martin Pesch) -- C:\Users\Arne\mp3DirectCut.exe [2012.12.11 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Arne\Languages [2012.10.14 17:39:46 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Arne\AppData\Roaming\SetupGFD.exe [2012.10.14 17:39:28 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Arne\AppData\Roaming\Imgburn.exe [2012.10.14 17:39:20 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Arne\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.12.27 20:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.27 19:37:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.12.27 19:36:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 17:32:36 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.27 17:30:20 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 17:30:20 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 17:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 17:23:08 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2012.12.27 11:20:29 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.26 22:54:47 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.26 22:54:47 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.26 22:54:47 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.26 22:54:47 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.26 22:39:37 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.26 12:16:48 | 000,003,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.26 12:10:15 | 000,002,869 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 4.lnk [2012.12.22 11:50:50 | 000,046,792 | ---- | M] () -- C:\Users\Arne\Desktop\111-Funny-PicDump-001-by-www.FunnyPica.com_.jpg [2012.12.21 17:17:51 | 000,366,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.15 22:33:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2012.12.12 11:39:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.12 11:39:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.12.11 21:24:20 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das Schloss der Schatten.lnk [2012.12.11 21:22:27 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das versteinerte Koenigshaus.lnk [2012.12.11 21:21:07 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk [2012.12.11 19:55:07 | 000,001,723 | ---- | M] () -- C:\Users\Arne\mp3DirectCut.ini [2012.12.11 19:49:53 | 000,000,680 | ---- | M] () -- C:\Users\Arne\Desktop\mp3DirectCut.lnk [2012.12.07 20:16:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.04 20:12:18 | 001,350,969 | ---- | M] () -- C:\Users\Arne\Desktop\Rollitanz 2.jpg [2012.12.04 20:11:33 | 001,359,849 | ---- | M] () -- C:\Users\Arne\Desktop\Rollitanz 1.jpg [2012.12.04 20:11:08 | 000,360,698 | ---- | M] () -- C:\Users\Arne\Desktop\KN Rollitanz.PDF ========== Files Created - No Company Name ========== [2012.12.27 19:36:21 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 17:32:36 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.26 22:39:37 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.26 22:39:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.26 12:16:48 | 000,003,584 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.26 12:10:15 | 000,002,869 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 4.lnk [2012.12.22 11:50:49 | 000,046,792 | ---- | C] () -- C:\Users\Arne\Desktop\111-Funny-PicDump-001-by-www.FunnyPica.com_.jpg [2012.12.11 21:24:20 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das Schloss der Schatten.lnk [2012.12.11 21:22:27 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das versteinerte Koenigshaus.lnk [2012.12.11 21:21:07 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk [2012.12.11 19:50:51 | 000,001,723 | ---- | C] () -- C:\Users\Arne\mp3DirectCut.ini [2012.12.11 19:49:53 | 000,000,680 | ---- | C] () -- C:\Users\Arne\Desktop\mp3DirectCut.lnk [2012.12.11 19:49:52 | 000,026,881 | ---- | C] () -- C:\Users\Arne\Manual.htm [2012.12.11 19:49:52 | 000,015,099 | ---- | C] () -- C:\Users\Arne\FAQ.htm [2012.12.04 20:12:36 | 001,350,969 | ---- | C] () -- C:\Users\Arne\Desktop\Rollitanz 2.jpg [2012.12.04 20:11:55 | 001,359,849 | ---- | C] () -- C:\Users\Arne\Desktop\Rollitanz 1.jpg [2012.12.04 20:11:23 | 000,360,698 | ---- | C] () -- C:\Users\Arne\Desktop\KN Rollitanz.PDF [2012.10.14 17:40:31 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe [2012.10.14 17:39:39 | 005,243,208 | ---- | C] ( ) -- C:\Users\Arne\AppData\Roaming\AvsP.exe [2012.10.14 17:39:36 | 001,357,348 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\MatroskaSplitter.exe [2012.10.14 17:39:36 | 000,117,723 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\yuvcodecs-1.3.exe [2012.07.09 10:02:54 | 000,540,891 | ---- | C] () -- C:\Users\Arne\CIMG3295.JPG [2012.07.09 10:02:54 | 000,533,267 | ---- | C] () -- C:\Users\Arne\CIMG3297.JPG [2012.07.09 10:02:54 | 000,522,238 | ---- | C] () -- C:\Users\Arne\CIMG3296.JPG [2012.07.09 10:02:53 | 000,537,984 | ---- | C] () -- C:\Users\Arne\CIMG3293.JPG [2012.07.09 10:02:53 | 000,507,119 | ---- | C] () -- C:\Users\Arne\CIMG3287.JPG [2012.07.09 10:02:53 | 000,223,300 | ---- | C] () -- C:\Users\Arne\CIMG3301.JPG [2012.07.09 10:02:53 | 000,161,129 | ---- | C] () -- C:\Users\Arne\CIMG3306.JPG [2012.07.09 10:02:53 | 000,160,173 | ---- | C] () -- C:\Users\Arne\CIMG3314.JPG [2012.07.09 10:02:53 | 000,158,375 | ---- | C] () -- C:\Users\Arne\CIMG3313.JPG [2012.07.09 10:02:53 | 000,153,107 | ---- | C] () -- C:\Users\Arne\CIMG3310.JPG [2012.07.09 10:02:53 | 000,152,626 | ---- | C] () -- C:\Users\Arne\CIMG3309.JPG [2012.07.09 10:02:53 | 000,150,311 | ---- | C] () -- C:\Users\Arne\CIMG3316.JPG [2012.07.09 10:02:53 | 000,144,032 | ---- | C] () -- C:\Users\Arne\CIMG3315.JPG [2012.07.09 10:02:53 | 000,139,236 | ---- | C] () -- C:\Users\Arne\CIMG3317.JPG [2012.07.09 10:02:53 | 000,127,480 | ---- | C] () -- C:\Users\Arne\CIMG3318.JPG [2012.07.09 10:02:53 | 000,119,594 | ---- | C] () -- C:\Users\Arne\CIMG3305.JPG [2012.07.09 10:02:53 | 000,117,698 | ---- | C] () -- C:\Users\Arne\CIMG3319.JPG [2012.07.09 10:02:53 | 000,117,250 | ---- | C] () -- C:\Users\Arne\CIMG3320.JPG [2012.06.27 19:43:36 | 000,141,086 | R--- | C] () -- C:\Users\Arne\verbrauchsabrehcnung 2012.PDF [2012.06.27 19:42:53 | 000,075,771 | R--- | C] () -- C:\Users\Arne\verbrauchsabrehcnung.PDF [2012.06.27 19:42:24 | 000,005,420 | R--- | C] () -- C:\Users\Arne\preisanpassung strom12.PDF [2012.06.27 19:42:00 | 000,067,873 | R--- | C] () -- C:\Users\Arne\preisanpassung strom.PDF [2012.06.27 19:41:53 | 000,148,398 | R--- | C] () -- C:\Users\Arne\strom schwerin2.PDF [2012.06.27 19:41:09 | 000,148,398 | R--- | C] () -- C:\Users\Arne\strom schwerin.PDF [2012.06.27 19:14:42 | 000,009,418 | R--- | C] () -- C:\Users\Arne\FCL091708423058.pdf [2012.06.27 19:12:35 | 000,026,911 | R--- | C] () -- C:\Users\Arne\RE_AM_028-7015312-6497146.pdf [2012.06.27 19:10:17 | 000,027,331 | R--- | C] () -- C:\Users\Arne\RECHNUNG_219060_15062012.pdf [2012.06.27 19:09:21 | 000,027,331 | R--- | C] () -- C:\Users\Arne\RECHNUNG_218265_11062012.pdf [2012.03.13 19:54:09 | 000,186,066 | R--- | C] () -- C:\Users\Arne\06_Betriebsuebergang.pdf [2012.03.07 09:06:04 | 031,513,047 | ---- | C] () -- C:\Users\Arne\Ahrensbök-alte Ansichten.pdf [2011.12.27 18:18:41 | 000,001,288 | ---- | C] () -- C:\Users\Arne\PC Inspector File Recovery.lnk [2011.09.20 19:29:03 | 000,170,838 | R--- | C] () -- C:\Users\Arne\Datenblatt_Speedy.PDF [2011.09.06 22:05:08 | 000,373,701 | ---- | C] () -- C:\Users\Arne\Lovefilmkonto.PDF [2011.09.02 16:01:47 | 007,254,714 | R--- | C] () -- C:\Users\Arne\Kooperationspartner CITTI.PDF [2011.04.28 18:16:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.04.28 18:16:50 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.04.28 18:16:50 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.04.28 18:16:50 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.04.28 18:16:50 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.04.28 18:16:50 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.04.28 18:16:50 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.04.28 18:16:50 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.04.28 18:16:50 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.04.28 18:16:50 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.04.28 18:16:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.04.28 18:16:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.04.28 18:16:50 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.04.28 18:16:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.04.28 18:16:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.04.28 18:16:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.04.28 18:16:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.04.28 18:16:50 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.04.28 18:16:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.04.28 18:16:18 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw8b.bin [2011.04.28 18:15:34 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini [2011.01.05 14:18:11 | 001,803,975 | R--- | C] () -- C:\Users\Arne\11nimmt_Regel.pdf [2010.12.14 12:10:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\2monkeys [2012.04.09 10:26:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Absolutist [2012.12.26 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ACD Systems [2011.10.01 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Anabel [2012.08.13 16:27:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Awem [2011.09.26 14:58:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azuaz Games [2011.02.20 10:54:32 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\BloodTies [2011.04.15 18:52:26 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Boomzap [2010.12.16 13:20:41 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Canneverbe Limited [2011.12.31 16:00:23 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\cerasus [2012.01.30 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\cerasus.media [2011.03.28 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ChessBase [2012.11.04 23:17:58 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoft [2012.11.04 23:17:57 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.23 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Enlightenus [2011.05.16 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Epson [2012.08.30 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\FlyWheelGames [2010.11.01 20:17:31 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Foxit Software [2011.02.14 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Friday's games [2010.11.02 16:01:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gaijin Ent [2012.04.01 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\GameMill Entertainment [2012.06.17 14:23:07 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gestalt Games [2012.09.09 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gogii [2012.01.08 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\GTM_Bodie [2011.09.18 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\HdO Adventure [2011.10.21 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\iMaxGen [2012.12.19 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ImgBurn [2012.09.17 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Magic3 [2010.10.30 12:36:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\MAGIX [2011.12.23 10:56:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Meridian93 [2012.01.29 23:06:32 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\MumboJumbo [2012.12.16 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Orneon [2010.11.01 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Panda Security [2011.06.12 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PC Suite [2011.01.07 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\phonostar GmbH [2011.05.28 12:59:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Pirateville [2011.02.21 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst [2011.02.25 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PoBros [2012.08.13 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ProtectDisc [2012.02.15 11:31:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\RobinsonCrusoeCER [2011.12.12 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Runes of Avalon 2 [2011.12.12 22:34:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Sahmon Games [2011.01.08 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SecretIslandGerman [2010.12.15 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Settlement. Colossus [2012.08.12 07:47:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SulusGames [2011.04.03 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Thinstall [2010.11.01 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Thunderbird [2012.08.11 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Try2 [2012.01.19 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Vast Studios [2011.02.27 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\YoudaGames ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:0EC7A545 @Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:AECF4772 @Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:090FB735 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:AED33A42 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EEB25EAE @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5E9B629B < End of report > Und von OTL Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 21:16:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arne\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,39% Memory free 6,50 Gb Paging File | 5,03 Gb Available in Paging File | 77,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 837,99 Gb Free Space | 92,05% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,16 Gb Free Space | 55,81% Space Free | Partition Type: NTFS Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{6EEEF23B-584F-4C3A-B335-E27C3FD620D0}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{D558A73C-328A-4CBB-B0EC-DDB72599416A}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{925455BA-EEA2-4108-97F7-440DDC544947}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A412330D-855F-4032-9CF6-DC5142DFF097}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{323B5F3C-4968-4B24-A1B5-69250CA3B064}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{DDFAE053-ECFC-4887-91B6-77D13B56D910}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All "{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt? "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "{1A70582B-651A-402A-A80F-7E09A8D20230}" = Carol Reed 4 "{1C17CC71-2559-4819-88FF-EF2978986BB1}_is1" = 1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista "{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = AT-AR215 USB ADSL MODEM "{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New "{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English "{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static "{5E70B619-B3D0-4B50-B57E-5CEBE0201248}_is1" = freundin - Romance of Rome "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60356853-8141-8377-6786-285351479053}" = freundin:Jewel Empire-Hidden Secrets "{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1" = Robinson Crusoe "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish "{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light "{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation "{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese "{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian "{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4 "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery "{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D83D5D10-CF3E-4FDB-8639-35BC6FCB0F17}" = Carol Reed – Ein Mittsommernachtsmord "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish "{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC80F921-2FC6-4AFB-9363-853792B20801}" = Fritz for Fun 6 "{FDE667A3-75BF-4488-912B-6876C53699FA}_is1" = Mahjongg - Ancient Mayas "{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Alabama Smith 2" = Alabama Smith 2 "Amulett der Elfen" = Amulett der Elfen "Aqua Bubble 2 (VOLLVERSION)" = Aqua Bubble 2 (VOLLVERSION) "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.6 "AvsP_is1" = AvsP "BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.5.3 "BFGC" = Big Fish Games: Game Manager "BFG-Echoes of the Past - Das Schloss der Schatten" = Echoes of the Past: Das Schloss der Schatten "BFG-Echoes of the Past - Das versteinerte Koenigshaus" = Echoes of the Past: Das versteinerte Koenigshaus "BFG-Enlightenus" = Enlightenus "BFG-Nick Chase and the Deadly Diamond" = Nick Chase and the Deadly Diamond "BFG-Strange Cases - Das Geheimnis der Tarotkarten" = Strange Cases: Das Geheimnis der Tarotkarten "Big City Adventure: New York City" = Big City Adventure: New York City (nur deinstallation) "CCleaner" = CCleaner "CrossWorlds – Die Stadt in den Wolken" = CrossWorlds – Die Stadt in den Wolken "Das Geheimnis der Azteken_is1" = Das Geheimnis der Azteken "Das Herz von Afrika" = Das Herz von Afrika "Das rätselhafte Kristall-Portal" = Das rätselhafte Kristall-Portal "Das Smaragd-Riff" = Das Smaragd-Riff "Das Vermächtnis der Insel" = Das Vermächtnis der Insel "Das Vermächtnis des Einhorns" = Das Vermächtnis des Einhorns "Der Stein der Weisen" = Der Stein der Weisen "Der vergessene Tote_is1" = Der vergessene Tote "Diamond Drop (VOLLVERSION)" = Diamond Drop (VOLLVERSION) "Die Abenteuer-Reise" = Die Abenteuer-Reise "Die Fisch-Oase" = Die Fisch-Oase "Die Runen Von Avalon 2" = Die Runen Von Avalon 2 "Die Sage von Kolossus" = Die Sage von Kolossus "Die verborgene Welt der Kunst 2" = Die verborgene Welt der Kunst 2 "Die Wiege Olympias 2" = Die Wiege Olympias 2 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch "EPSON Scanner" = EPSON Scan "Fotobuch_is1" = Fotobuch "Foxit Reader" = Foxit Reader "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "Gefangen: Die Entführung" = Gefangen: Die Entführung "Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus "Geheime Fälle: Vermisst in Rom" = Geheime Fälle: Vermisst in Rom "Geheimnis von Montezuma 2" = Geheimnis von Montezuma 2 "Goldfield (VOLLVERSION)" = Goldfield (VOLLVERSION) "Green Moon_is1" = Green Moon "Green Valley" = Green Valley "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HaaliMkx" = Haali Media Splitter "Hank" = Hank "HelixYUVCodecs" = Helix YUV Codecs (remove only) "Holly im Wunderland" = Holly im Wunderland "ImgBurn" = ImgBurn "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Intelli-studio" = SAMSUNG Intelli-studio "Jäger des Geisterhauses_is1" = Jäger des Geisterhauses "Jane Angel" = Jane Angel "Luxor - Quest For The Afterlife" = Luxor - Quest For The Afterlife "Magic Encyclopedia 3 - Illusionen" = Magic Encyclopedia 3 - Illusionen "Mahjongg Artifacts" = Mahjongg Artifacts "Mahjongg Artifacts 2" = Mahjongg Artifacts 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mystery Legends - Sleepy Hollow" = Mystery Legends - Sleepy Hollow "Nightfall Mysteries - Der Fluch der Oper" = Nightfall Mysteries - Der Fluch der Oper "Odyssee ins Ungewisse" = Odyssee ins Ungewisse "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Ritter Arthur" = Ritter Arthur "Sam and Max - Season One" = Sam and Max - Season One 1.0 "Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls "Schuld und Sühne: Raskolnikov" = Schuld und Sühne: Raskolnikov "Solitaire Quest 450_is1" = Solitaire Quest 450 "Sommermord_is1" = Sommermord "Spur der Träume" = Spur der Träume "Super Puzzle" = Super Puzzle "Tatort Museum" = Tatort Museum "Tatort NY: Der Fashion-Krimi" = Tatort NY: Der Fashion-Krimi "The Enchanted Kingdom: Elisa’s Adventure" = The Enchanted Kingdom: Elisa’s Adventure "The Hidden Object Show 2" = The Hidden Object Show 2 "Twisted Lands - Die Schattenstadt" = Twisted Lands - Die Schattenstadt "Waldmeister Sause XXL - Winteredition_is1" = Waldmeister Sause XXL - Winteredition "Waldmeister Sause XXL_is1" = Waldmeister Sause XXL "Wimmelbild Mystery Box" = Wimmelbild Mystery Box "WinLiveSuite_Wave3" = Windows Live Essentials "Winter Magic Bubbles_is1" = Winter Magic Bubbles "World of Wimmelbild 2" = World of Wimmelbild 2 "World Voyage" = World Voyage "Zen Fashion" = Zen Fashion ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.12.2012 17:05:56 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 11.12.2012 17:07:17 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 11.12.2012 17:08:44 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 11.12.2012 17:10:05 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 11.12.2012 17:10:45 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 11.12.2012 17:14:38 | Computer Name = Arne-PC | Source = RasClient | ID = 20227 Description = Error - 16.12.2012 16:05:47 | Computer Name = Arne-PC | Source = Windows Backup | ID = 4103 Description = Error - 24.12.2012 03:57:41 | Computer Name = Arne-PC | Source = Windows Backup | ID = 4103 Description = Error - 26.12.2012 07:21:11 | Computer Name = Arne-PC | Source = Application Hang | ID = 1002 Description = Programm ACDSeePro4.exe, Version 4.0.198.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aac Startzeit: 01cde35a7423c017 Endzeit: 31 Anwendungspfad: C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeePro4.exe Berichts-ID: 5696ec2c-4f4e-11e2-82b6-6c626d0f2e07 Error - 27.12.2012 12:19:07 | Computer Name = Arne-PC | Source = System Restore | ID = 8210 Description = [ System Events ] Error - 27.12.2012 12:47:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:47:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:48:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:48:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:49:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:49:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:50:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 12:50:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 13:27:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 27.12.2012 13:27:57 | Computer Name = Arne-PC | Source = DCOM | ID = 10010 Description = < End of report > |
28.12.2012, 09:28 | #4 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
28.12.2012, 12:36 | #5 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hallo, habe einen Scan durchgeführt. Er endete mit den Meldungen: Congratulations, no cleanup is required und Scan finished, no malware found. Scheint also alles im Lot zu sein ? Hier zur Sicherheit trotzdem das Logfile: Malwarebytes Anti-Rootkit 1.01.0.1011 Malwarebytes : Free Anti-Malware download Database version: v2012.12.28.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Arne :: ARNE-PC [administrator] 28.12.2012 12:24:58 mbar-log-2012-12-28 (12-24-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29030 Time elapsed: 11 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
28.12.2012, 13:32 | #6 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ --> GVU Trojaner wgsdgsdgdsdsd.dll h1n1 |
28.12.2012, 17:08 | #7 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hallo, habe combofix zum Laufen gebracht. Allerdings ist das Programm bei mir automatisch im Downloadbereich gespeichert worden (c:\users\Arne\Downloads\ComboFix.exe). Nachstehend die beiden Logfiles: Combofix Logfile: Code:
ATTFilter ComboFix 12-12-28.02 - Arne 28.12.2012 16:30:21.1.4 - x86 ausgeführt von:: c:\users\Arne\Downloads\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Arne\AppData\Roaming\ImgBurn.exe c:\users\Arne\AppData\Roaming\yuvcodecs-1.3.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-28 )))))))))))))))))))))))))))))) . . 2012-12-28 15:35 . 2012-12-28 15:38 -------- d-----w- c:\users\Arne\AppData\Local\temp 2012-12-28 15:35 . 2012-12-28 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-27 18:36 . 2012-12-27 18:36 -------- d-----w- c:\users\Arne\AppData\Roaming\Malwarebytes 2012-12-27 18:36 . 2012-12-27 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-27 18:36 . 2012-12-27 18:36 -------- d-----w- c:\programdata\Malwarebytes 2012-12-27 18:36 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-27 16:37 . 2012-12-27 16:37 -------- d-----w- c:\users\Arne\AppData\Roaming\Avira 2012-12-27 16:32 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-27 16:32 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-12-27 16:32 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-27 16:32 . 2012-12-27 16:32 -------- d-----w- c:\programdata\Avira 2012-12-27 16:32 . 2012-12-27 16:32 -------- d-----w- c:\program files\Avira 2012-12-26 21:39 . 2012-12-26 21:39 2865 ----a-w- c:\programdata\dsgsdgdsgdsgw.js 2012-12-26 11:12 . 2012-12-27 16:16 -------- d-----w- c:\users\Arne\AppData\Local\ACD Systems 2012-12-26 11:12 . 2012-12-26 11:12 -------- d-----w- c:\users\Arne\AppData\Roaming\ACD Systems 2012-12-26 11:10 . 2012-12-26 11:10 -------- d-----w- c:\programdata\ACD Systems 2012-12-26 11:09 . 2012-12-27 16:16 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-12-26 11:09 . 2012-12-26 11:09 -------- d-----w- c:\program files\ACD Systems 2012-12-26 11:07 . 2012-12-26 11:07 -------- d-----w- c:\users\Arne\AppData\Local\Downloaded Installations 2012-12-26 07:38 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5711C434-6E68-4206-BF11-AE21F67D9668}\mpengine.dll 2012-12-21 15:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 15:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-19 15:36 . 2012-12-19 15:38 -------- d-----w- c:\users\Arne\AppData\Roaming\ImgBurn 2012-12-15 22:11 . 2012-12-16 20:39 -------- d-----w- c:\users\Arne\AppData\Roaming\Orneon 2012-12-15 17:33 . 2012-12-15 20:24 -------- d-----w- c:\program files\Mozilla Thunderbird 2012-12-13 09:45 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 18:49 . 2012-12-11 18:49 -------- d-----w- c:\users\Arne\Languages 2012-12-11 18:49 . 2012-03-07 01:18 121376 ----a-w- c:\users\Arne\mp3DirectCut.exe 2012-12-07 19:16 . 2012-11-29 08:26 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 10:39 . 2012-06-16 10:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 10:39 . 2011-07-05 18:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-16 07:39 . 2012-11-28 11:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-14 16:40 . 2012-10-14 16:40 34936 ----a-w- c:\windows\system32\uninstHelixYUV.exe 2012-10-14 16:39 . 2012-10-14 16:39 7760687 ----a-w- c:\users\Arne\AppData\Roaming\SetupGFD.exe 2012-10-14 16:39 . 2012-10-14 16:39 5243208 ----a-w- c:\users\Arne\AppData\Roaming\AvsP.exe 2012-10-14 16:39 . 2012-10-14 16:39 1357348 ----a-w- c:\users\Arne\AppData\Roaming\MatroskaSplitter.exe 2012-10-14 16:39 . 2012-10-14 16:39 5082084 ----a-w- c:\users\Arne\AppData\Roaming\Avisynth.exe 2012-10-09 17:40 . 2012-11-15 10:16 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 10:16 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 2012-11-15 10:18 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 2012-11-15 10:18 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-15 10:18 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-15 10:18 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 10:18 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-15 10:18 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-15 10:18 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-15 10:18 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-11-29 08:26 . 2012-12-07 19:16 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-30 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk] path=c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk backup=c:\windows\pss\runctf.lnk.Startup backupExtension=.Startup . R3 adiusbae;AT-AR215 USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 10:39] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.aldi.com IE: Free YouTube Download - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: Interfaces\{5D83F242-C9CA-469F-809D-E2294A1CA395}: NameServer = 89.246.64.8 62.220.18.8 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\wtfjwvog.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_ptnrs=&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E&apn_dtid=OSJ000&&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM-Run-adiras - adiras.exe SafeBoot-BsScanner . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.032" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.abr" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ani" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.apd" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.arw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.bay" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.bmp" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.bw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.cr2" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.crw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.cs1" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.cur" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.dcr" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.dcx" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.dib" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.djv" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.djvu" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.dng" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.emf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.eps" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.erf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.fff" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.fpx" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.gif" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.hdr" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.icl" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.icn" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.iff" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ilbm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.int" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.inta" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.iw4" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.j2c" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.j2k" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jbr" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jfif" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jif" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jp2" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpc" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpe" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpeg" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpg" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpk" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.jpx" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.kdc" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.lbm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.mef" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.mos" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.mrw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.nef" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.nrw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.orf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pbm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pbr" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pcd" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pct" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pcx" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pef" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pgm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pic" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pict" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pix" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.png" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ppm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.psd" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.psp" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pspbrush" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.pspimage" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.raf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ras" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.raw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rgb" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rgba" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rle" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rsb" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rw2" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.rwl" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.sgi" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.sr2" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.srf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.srw" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.tga" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.thm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.tif" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.tiff" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ttc" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.ttf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.v40po" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.v40pp" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.v40ppf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.wbm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.wbmp" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.wmf" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.xbm" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.xif" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.xmp" . [HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 4.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Epson Software\Event Manager\EEventManager.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-28 16:42:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-28 15:42 . Vor Suchlauf: 8 Verzeichnis(se), 900.197.240.832 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 900.320.854.016 Bytes frei . - - End Of File - - CA6C14507A2FD8227C93FFB2DCFFB297 1 ABBYY FineReader 6.0 Sprint ACDSee Pro 4 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.5 Alabama Smith 2 Albelli Fotobücher AMD USB Filter Driver Amulett der Elfen Aqua Bubble 2 (VOLLVERSION) Ask Toolbar Ask Toolbar Updater AT-AR215 USB ADSL MODEM ATI Catalyst Install Manager Avira Free Antivirus AviSynth 2.6 AvsP Big City Adventure: New York City (nur deinstallation) Big City Mystery Big Fish Games: Game Manager Bing Bar Carol Reed 4 Carol Reed – Ein Mittsommernachtsmord Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Norwegian CCC Help Spanish CCC Help Swedish CCleaner CDBurnerXP CrossWorlds – Die Stadt in den Wolken CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDVD Copy Das Geheimnis der Azteken Das Herz von Afrika Das rätselhafte Kristall-Portal Das Smaragd-Riff Das Vermächtnis der Insel Das Vermächtnis des Einhorns Der Stein der Weisen Der vergessene Tote DEUTSCHLAND SPIELT GAME CENTER Diamond Drop (VOLLVERSION) Die Abenteuer-Reise Die Fisch-Oase Die Runen Von Avalon 2 Die Sage von Kolossus Die verborgene Welt der Kunst 2 Die Wiege Olympias 2 DVD slideshow GUI 0.9.5.3 Echoes of the Past: Das Schloss der Schatten Echoes of the Past: Das versteinerte Koenigshaus Enlightenus Epson Copy Utility 3.4 Epson Event Manager EPSON PERFECTION V30_V300 PHOTO Handbuch EPSON Scan Firebird SQL Server - MAGIX Edition Fotobuch Foxit Reader Free YouTube Download version 3.1.40.1031 Free YouTube to MP3 Converter version 3.11.35.1031 freundin - Romance of Rome freundin:Jewel Empire-Hidden Secrets Fritz for Fun 6 Gefangen: Die Entführung Geheime Fälle: Die gestohlene Venus Geheime Fälle: Vermisst in Rom Geheimnis von Montezuma 2 Goldfield (VOLLVERSION) Green Moon Green Valley GUI for dvdauthor 1.07 Haali Media Splitter Hank Helix YUV Codecs (remove only) Holly - Ein Weihnachtsmärchen Holly im Wunderland Hollywood - Directors Cut ImgBurn Jane Angel Java 7 Update 9 Java Auto Updater Java(TM) 6 Update 34 Jäger des Geisterhauses Junk Mail filter update Luxor - Quest For The Afterlife Magic Encyclopedia 3 - Illusionen Mahjongg - Ancient Mayas Mahjongg Artifacts Mahjongg Artifacts 2 Malwarebytes Anti-Malware Version 1.65.1.1000 Medion Home Cinema Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2000 Premium Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Mozilla Firefox 17.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 de) MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery Legends - Sleepy Hollow Nick Chase and the Deadly Diamond Nightfall Mysteries - Der Fluch der Oper Odyssee ins Ungewisse OGA Notifier 2.0.0048.0 PC Connectivity Solution phonostar-Player Version 3.02.0 PlayReady PC Runtime x86 ProtectDisc Driver, Version 11 Realtek High Definition Audio Driver Ritter Arthur Robinson Crusoe Sam and Max - Season One 1.0 SAMSUNG Intelli-studio Sandra Fleming Chronicles – Crystal Skulls Schuld und Sühne: Raskolnikov Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sid Meier's Pirates! Simon the Sorcerer - Wer will schon Kontakt? Solitaire Quest 450 Sommermord Spelling Dictionaries Support For Adobe Reader 9 Spur der Träume Strange Cases: Das Geheimnis der Tarotkarten Super Puzzle Tatort Museum Tatort NY: Der Fashion-Krimi The Enchanted Kingdom: Elisa’s Adventure The Hidden Object Show 2 Twisted Lands - Die Schattenstadt Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual C++ 9.0 CRT (x86) WinSXS MSM Waldmeister Sause XXL Waldmeister Sause XXL - Winteredition Wimmelbild Mystery Box Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live-Uploadtool Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID-Anmelde-Assistent Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer Winter Magic Bubbles World of Wimmelbild 2 World Voyage Zen Fashion |
28.12.2012, 20:32 | #8 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Sehr gut! ESET Online Scanner Vorbereitung
|
29.12.2012, 15:37 | #9 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hier das Logfile vom Scan mit dem ESET Online Scanner: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=f9e220f3c5663b41b64be5c334a3902a # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-29 01:07:58 # local_time=2012-12-29 02:07:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 15489 222209768 8271 0 # compatibility_mode=5893 16776574 100 94 228497 108417669 0 0 # scanned=245428 # found=5 # cleaned=5 # scan_time=11478 C:\Windows\pss\runctf.lnk.Startup Win32/Reveton.M trojan (cleaned by deleting - quarantined) A14A4BBF136D921A40AFA6692E7091EAF13D5402 C J:\ARNE-PC\Backup Set 2011-02-06 115244\Backup Files 2011-02-06 115244\Backup files 1.zip Java/TrojanDownloader.OpenStream.NAX trojan (deleted - quarantined) 8744ED2A9440C90149FFB485AF4DB46A4C48D787 C J:\ARNE-PC\Backup Set 2011-08-21 192818\Backup Files 2011-08-21 192818\Backup files 1.zip Java/TrojanDownloader.OpenStream.NAX trojan (deleted - quarantined) 6C6C986DE6FAC3E059B11FAFE51B2CE136736F41 C J:\ARNE-PC\Backup Set 2011-08-21 192818\Backup Files 2012-07-08 211158\Backup files 2.zip a variant of Java/Exploit.CVE-2012-0507.CC trojan (deleted - quarantined) 254F19531D1B8D417748B12F2558DDC80CEB0EB4 C J:\ARNE-PC\Backup Set 2012-12-02 190000\Backup Files 2012-12-02 190000\Backup files 2.zip a variant of Java/Exploit.CVE-2012-0507.CC trojan (deleted - quarantined) 19D3C961E0E8C076C911D7E1C9346912B665768D C |
29.12.2012, 17:10 | #10 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
29.12.2012, 18:05 | #11 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hallo, habe die Aktualisierungen vonm Java vorgenommen. Hier sind nun noch die gewünschten Posts: PluginCheck 1 PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 17.0 ist aktuell Flash (11,5,502,135) ist aktuell. Java (1,7,0,10) ist aktuell. Adobe Reader ist nicht installiert oder aktiviert. Zurück PluginCheck2 PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 17.0 ist aktuell Flash (11,5,502,135) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader ist nicht installiert oder aktiviert. |
30.12.2012, 09:39 | #12 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
30.12.2012, 12:45 | #13 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Prima ! Vielen Dank für Deine bisherige Hilfe. Wäre sonst wohl hoffnungslos aufgeschmissen gewesen. Werde Eure allgemeinen Tipps künftig auf jeden Fall beherzigen. Eine letzte Frage hätte ich dann allerdings doch noch: Wenn ich unter "msconfig" den Reiter Systemstart aufrufe findet sich unter den Befehlen immer noch folgende Zeile "C:\Windows\System32\rundll32.exe C:\Users\Arne\wgsdgsdgdsdsd.dll h1n1" Diese Zeile ist allerdings deaktiviert (kein Haken). Als Ort ist "C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" angegeben. Habe über den Windows-Explorer versucht, da mal nachzuschauen. Diese Ordner sind aber so gar nicht vorhanden. |
30.12.2012, 14:09 | #14 |
/// Helfer-Team | GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Scan mit SystemLook Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus. Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden). Download Mirror #1 User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
|
30.12.2012, 19:02 | #15 |
| GVU Trojaner wgsdgsdgdsdsd.dll h1n1 Hallo, hier die Textdatei aus dem Scan mit SystemLook: SystemLook 30.07.11 by jpshortstuff Log created at 18:59 on 30/12/2012 by Arne Administrator - Elevation successful ========== regfind ========== Searching for "wgsdgsdgdsdsd.dll" No data found. ========== folderfind ========== Searching for "wgsdgsdgdsdsd.dll" No folders found. ========== filefind ========== Searching for "wgsdgsdgdsdsd.dll" No files found. -= EOF =- |
Themen zu GVU Trojaner wgsdgsdgdsdsd.dll h1n1 |
antivir, aufforderung, bekannte, bestimmte, bestimmten, einfach, eingefangen, gefangen, gefunde, häufig, meldung, modul, neustart, programm, start, trojan.backdoor, trojaner, versucht, virenprogramm, virus, windows, windows 7, zicken |