Pests of all kinds and how to fight them: Ihavenet Virus (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.01.2013, 22:40 | #1
Ihavenet Virus

Hello, I think my mother-in-law's PC has the ihavenet virus. Almost every time she opens a new tab in Firefox, she is redirected to ihavenet. I have attached the OTL and GMER logfiles and hope you can help me.

Thanks, Joshi
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0388881F-3931-4E31-BEB8-A45ACF1C0712}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe | "{0F52E777-5D5D-4939-8A7C-7E6E5E5B3D21}" = protocol=6 | dir=in | app=d:\installer\hpbcsiinstaller.exe | "{1319E1B2-1710-47B8-9E2B-A2186E64C141}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{1AA0C492-9ADB-4782-BC5E-241FB706D75F}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe | "{20BF3430-FA09-42AE-98E1-C7114051B429}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{21C33F26-8954-4301-A777-D81AD0C54638}" = protocol=17 | dir=in | app=d:\installer\hpbcsiinstaller.exe | "{29EDDE1E-E3CE-401C-98E4-237CD96C8D99}" = protocol=6 | dir=in | app=e:\programme\microsoft office 2010\office14\groove.exe | "{321CFBDE-B084-4FBE-BFB7-2CA66E7C88EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{356AD5FB-F365-4734-819A-F1A54F28C09F}" = protocol=17 | dir=in | app=e:\programme\microsoft office 2010\office14\groove.exe | "{6ACCA12A-45CF-4083-9C8F-C8D5036C2EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{6B9DE85B-1682-4911-BC16-B87E5DE25CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\5c069542-ca13-4f1b-b90c-28c6430f4992\installer\hpbcsiinstaller.exe | "{6CC71CD0-7F8F-41F8-8273-A8AA87781ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{70FC4FB4-292C-4E02-8E3B-DA28A99BD7FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{765D5085-1832-4CE4-A05A-6720414D8F15}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{78BAFCC6-BA49-4A7C-978E-3A37ECBBAB67}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe | "{7ED62FCC-2462-4C38-845B-5788BD1816B0}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe | "{808A525A-AA42-4CFA-AF30-40D7B49CA9F7}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe | "{84F1DE5D-2850-4941-81F1-76A29E64E960}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe | "{8DE6B988-F66D-4522-BBC0-AFF3BBE8814D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{921C8992-37A0-4585-8E29-E0A09897C2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\5c069542-ca13-4f1b-b90c-28c6430f4992\installer\hpbcsiinstaller.exe | "{9289D3E1-8FC2-430B-BEEE-21117506B99B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B5D5B60A-E739-4AC7-B549-58FED1184577}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe | "{B945DE95-C0A0-451D-A97A-D6C91B0CE540}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe | "{D0220ED0-85BE-44FF-A457-03D798B8AB43}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "TCP Query User{1292DC99-BF4B-4777-92B2-5173E88F8802}E:\programme\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\programme\jdownloader\jre\bin\javaw.exe | "UDP Query User{A6F6B395-5A3F-46AC-A752-18E590B37098}E:\programme\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\programme\jdownloader\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = 
Microsoft Office Shared 64-bit MUI (German) 2010 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher 
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Deponia" = Deponia "Deponia 2" = Chaos auf Deponia "Digital Editions" = Adobe Digital Editions "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "Kobo" = Kobo "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 2.0.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.12.2012 12:43:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 29.12.2012 12:43:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.12.2012 09:29:06 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.12.2012 09:29:06 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.12.2012 09:29:07 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.01.2013 08:18:13 | Computer Name = Moni-PC | Source = Software Protection Platform Service | ID = 8200 Description = Lizenzerwerb-Fehlerdetails. 
hr=0xC004C532 Error - 06.01.2013 08:18:13 | Computer Name = Moni-PC | Source = Software Protection Platform Service | ID = 8208 Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C532) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. [ System Events ] Error - 25.11.2012 13:55:27 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SAMSUNG AllShare Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = DCOM | ID = 10005 Description = Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 05.12.2012 14:19:04 | Computer Name = Moni-PC | Source = DCOM | ID = 10010 Description = Error - 05.12.2012 14:41:45 | Computer Name = Moni-PC | Source = DCOM | ID = 10010 Description = Error - 22.12.2012 11:38:31 | Computer Name = Moni-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error - 07.01.2013 16:37:39 | Computer Name = Moni-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 07.01.2013 16:37:40 | Computer Name = Moni-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error - 07.01.2013 16:38:31 | Computer Name = Moni-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. < End of report > Gmer: GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-07 22:34:36 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600AAJS-00PSA0 rev.05.06H05 149,05GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Moni\AppData\Local\Temp\kxldypod.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000746c1401 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000746c1419 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000746c1431 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000746c144a 2 bytes [6C, 74] .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746c14dd 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746c14f5 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000746c150d 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000746c1525 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000746c153d 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000746c1555 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000746c156d 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000746c1585 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000746c159d 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746c15b5 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746c15cd 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746c16b2 2 bytes [6C, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746c16bd 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000746c1401 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000746c1419 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000746c1431 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000746c144a 2 bytes [6C, 74] .text ... * 9 .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000746c14dd 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000746c14f5 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000746c150d 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000746c1525 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000746c153d 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000746c1555 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000746c156d 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000746c1585 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000746c159d 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000746c15b5 2 bytes [6C, 74] .text 
E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000746c15cd 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000746c16b2 2 bytes [6C, 74] .text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000746c16bd 2 bytes [6C, 74] ---- Threads - GMER 2.0 ---- Thread C:\Windows\SysWOW64\rundll32.exe [2828:1936] 00000000001f0130 Thread C:\Windows\SysWOW64\rundll32.exe [2828:1924] 0000000000193a80 Thread C:\Windows\SysWOW64\rundll32.exe [2828:2556] 0000000000193a10 Thread C:\Windows\SysWOW64\rundll32.exe [2828:3520] 0000000000295cfe Thread C:\Windows\SysWOW64\rundll32.exe [2828:3524] 0000000000292ea6 Thread C:\Windows\SysWOW64\rundll32.exe [2828:3528] 00000000002933de Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3904] 0000000070f4fee5 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2956] 0000000070f48f6c Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3652] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3656] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3624] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1020] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1916] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2748] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3680] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3308] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1624] 00000000049c91d7 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3504] 0000000076fd2e3e Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3116] 00000000049a9429 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1976] 00000000049a9516 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1864] 0000000073cd32fb Thread 
E:\Programme\Mozilla\Firefox\firefox.exe [892:3304] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3616] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3544] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:644] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2000] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3620] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3260] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3276] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2508] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1148] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3396] 00000000739e2733 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3736] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2460] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1956] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3868] 0000000076fd3e59 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1900] 0000000070a82f69 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2272] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3344] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1876] 000000007165a32a Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1856] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3244] 0000000073496f14 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2984] 0000000076fd3e59 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:4008] 000000007369c724 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:4012] 0000000076fd3e59 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:240] 0000000076fd3e59 Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2756] 0000000076fd7129 Thread 
Please help quickly! |
07.01.2013, 22:52 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans for now; first post only the logs you already have!
08.01.2013, 09:00 | #3 |
| Ihavenet Virus No, unfortunately I don't have any other logfiles available.
08.01.2013, 20:03 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet Virus Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
Please always post logfiles in CODE tags |