| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GUV Problem... Wie wohl leider viele :(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.01.2013, 19:45
| #1 |
| |  GUV Problem... Wie wohl leider viele :( Hallo Forum, ich heiße Florian und brauche eure Hilfe. Ich habe mir wohl den GUV eingefangen. Ich habe bisher keine weiteren Versuche unternommen den wieder los zu bekommen. Ich habe nur das System im abgesicherten Modus wieder hochgefahren und im Netz nach Lösungen gesucht. Das OTL Tool läuft bereits, dauert wohl ne ganze Weile  Der Rechner ist auch nicht so ganz aktuell, ich gelobe Besserung. Edit, eben sind die Files gekommen. Here we go: Code:
ATTFilter OTL Extras logfile created on: 17.01.2013 19:31:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam_Wu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,10% Memory free
4,00 Gb Paging File | 3,21 Gb Available in Paging File | 80,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 60,12 Gb Free Space | 40,34% Space Free | Partition Type: NTFS
Computer Name: Rechenknecht | User Name: Sam_Wu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08797D2F-6078-489D-BEB4-D34C7187A510}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13CBECB8-9C70-40C3-A763-379AB71855B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{15EFD60C-8AFE-4DE9-AB02-E489925A3762}" = rport=139 | protocol=6 | dir=out | app=system |
"{1CEAF302-FB2E-4B61-A3E9-41D7F4E030A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E81D243-0C40-4637-BB74-6A6C74B0E6CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F71EB7E-8CF4-4CB4-BC48-BD5BB3369B00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AB61A7D-D1B6-4CEA-9809-556F090B2EBF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A9941D5-12E9-4716-A307-40536DB2445B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4335DEC0-5C75-4AED-A0E0-FC8767517209}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{4DB60CD6-1070-48EA-A411-01BF13F4F239}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58E110F7-A255-476D-A302-A73281638419}" = lport=139 | protocol=6 | dir=in | app=system |
"{717C7C2B-6DB7-4A03-8621-69D21A350C11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8157EFE8-3279-441C-85F7-B3CA109D5B56}" = lport=10243 | protocol=6 | dir=in | app=system |
"{81F66743-603C-4C5F-8112-ADE4B401D147}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8219052A-6AB9-472E-AB75-53AFB151E6C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83DE226B-5D04-44AD-98DA-ACB1AB27163D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8478BA16-002D-4C40-85B3-FF9DEAAC8741}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1953930-31F1-4DC7-97FF-CE37755AC239}" = rport=137 | protocol=17 | dir=out | app=system |
"{AC7E8C47-C9BD-4332-A528-F796BC20C264}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF130865-9BDC-45B0-9AFF-C829C199E2EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFC095D4-EB03-402E-B664-9C527BBB5AB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F448E486-E7F0-4C57-842C-25CAFB946767}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCF3AABC-3DB6-4DA9-B042-C48476E3C4A4}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C7FE28-DF12-49B4-B237-D4414220D61B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{03B8AAC5-274B-43E3-B477-D76976B2377B}" = dir=in | app=c:\users\Sam_Wu\appdata\local\temp\7zs617a\setup\hpznui40.exe |
"{03DAB036-768A-4778-88B1-6FB300477236}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{122360BB-0236-4E30-A113-D7EE44471914}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{18339FA9-4DC0-48BD-8447-7C6B18F30F31}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1ACA945B-390F-40BE-ACE9-E9F418609C18}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{21A52491-DC94-4272-B592-BD2CA3ECB68F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{23E62E55-0481-4758-8EB8-1B38BFE86E90}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{26F89E73-7BAD-4DCA-A45E-62B23F5AAF54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{28CF4AE2-1185-4698-827E-40BDB004D47E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36DE16C7-B818-4CB8-A017-9869E210355D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4420AE5F-3BFA-4114-B4BF-52611BE3672D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4536E7A7-A3AA-4493-8728-11D8DD97FB3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49712C84-892B-4FD6-B744-0358DE5055F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{554D3FB8-3C8E-434B-AB25-14E06769E5C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5744D119-8128-4ABA-9321-90D271D7852C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{577ACB7A-1C0F-48AC-B129-E3CBD17B4581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B89D7B2-2B3F-4B5A-97D4-485AF2583D8E}" = protocol=17 | dir=in | app=c:\program files\opera.exe |
"{5C53B937-342C-4D7B-BFA2-F449EBD30830}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C89D748-E05A-4DF3-9DAA-8CAB93153510}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{65576D74-266D-494E-AAE3-B40C33B801A7}" = protocol=6 | dir=in | app=c:\program files\opera.exe |
"{69B1AE27-CF12-4491-AD50-B87EA6AF0255}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{71075D77-94BD-487B-BE32-F48DE3513734}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{724D0B16-573F-42B4-8BF5-6D06562A6A8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{727C2918-C573-496C-8E73-A096BFFA8FF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{75BAEC12-C4D2-4223-ACAF-F38B94666827}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7A3CDE00-7271-4575-85CE-F9969238AA8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{82C6158C-7CDA-4A41-8DB4-E57AE91EEC10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{87137D68-4F32-4118-B50E-18FDE0C356F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{981B16D4-1A9A-4F24-B9B1-6DC49AA1F1CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A11EBE20-B386-413A-A32F-55F3C3DF2EBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{A67DE40D-89D3-46C7-A8AA-9898F216CE52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A79A3C30-033A-4D90-9F6B-72B9900287C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9ACA8B6-C344-450E-9510-5CD32CDED15A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AA1016E6-CF91-4669-8D11-5D726B531A9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{AFE6CEFE-8D82-4D53-AC89-314DEA36C217}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{BA534C7D-1A3A-4CF8-8171-801EEB95EB95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C056EC51-24A6-47BB-B50E-FE5095D49BE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4164790-0085-4664-8756-995651959414}" = protocol=6 | dir=out | app=system |
"{C92E28E2-2264-4A64-BA1B-800416B565D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C96C4327-0296-47B2-AB05-19486EEA758E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{CD517123-FF5F-421E-874D-C531809556C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D366D62B-70B5-41E5-95F7-CBFB58FF6963}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC691993-4D47-4D39-A688-3057E8971A01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC9898E6-DB00-44FC-8668-0C38B3C1D03B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{DFDD991E-E914-4998-A7E7-C8C86C0C2C31}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{E01C6826-5E89-48BA-BBFC-6E548D6AED3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E2EC7269-CD83-48A4-99EE-C6A082CD720A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5C32531-1979-452B-9DE3-A457C2FF0D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E8C1C63B-895A-499D-9175-E00593D2EB6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{ECFB7ED5-67C8-4B4D-A670-2C7DEBAD4692}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FAD4586A-8D2F-4C1E-AB7E-B49577FC9CEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{FC650181-3EC3-430C-BEEF-81D6DFA8D672}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"TCP Query User{37E74F8D-A752-4171-8323-C979E7EBF6E2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{4506D815-2D97-4613-B8D8-8B9914CEF8D3}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{5F514AD6-72C6-48F6-96D1-65E2DA8D8BF5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{669A3830-D4A6-4BF5-8C60-3A5A9625D0AE}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{780F0184-89B6-44D6-B217-939D7C5D55D3}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0CDC6CB8-1BCC-49EA-B85F-EB3DE96831D4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{2901BC7D-3D5F-406D-9871-BDC4797F4D8F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{860AD71D-FF83-4D69-B11C-4072D181E0E6}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{96355121-BCDA-4564-8F64-D47B912C8178}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{D21312DB-1F39-4809-B9A1-249716A7DBBD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"GIMP-2_is1" = GIMP 2.8.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.10
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF1C5B60-29DE-463C-BF2C-708D95F3F752}" = Garmin BaseCamp
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Fences" = Fences
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"IrfanView" = IrfanView (remove only)
"Opera 11.64.1403" = Opera 11.64
"Streamripper" = Streamripper (Remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Reader" = PDF Reader
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.08.2012 15:39:58 | Computer Name = Rechenknecht | Source = Application Hang | ID = 1002
Description = Programm i_view32.exe, Version 4.2.8.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a94 Startzeit:
01cd7666907e52c0 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\IrfanView\i_view32.exe
Berichts-ID:
fe9aad31-e259-11e1-9010-001b382902b0
Error - 22.08.2012 10:47:00 | Computer Name = Rechenknecht | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: print.exe, Version: 2.8.0.0, Zeitstempel:
0x4fa52a0c Name des fehlerhaften Moduls: libgtk-win32-2.0-0.dll, Version: 2.24.10.0,
Zeitstempel: 0x4f5d462e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000002342cf
ID
des fehlerhaften Prozesses: 0x138c Startzeit der fehlerhaften Anwendung: 0x01cd8074f89d878c
Pfad
der fehlerhaften Anwendung: C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\print.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\GIMP 2\bin\libgtk-win32-2.0-0.dll Berichtskennung:
3a113c2c-ec68-11e1-8c98-001b382902b0
Error - 22.08.2012 10:47:08 | Computer Name = Rechenknecht | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: print.exe, Version: 2.8.0.0, Zeitstempel:
0x4fa52a0c Name des fehlerhaften Moduls: libgtk-win32-2.0-0.dll, Version: 2.24.10.0,
Zeitstempel: 0x4f5d462e Ausnahmecode: 0xc000041d Fehleroffset: 0x00000000002342cf
ID
des fehlerhaften Prozesses: 0x138c Startzeit der fehlerhaften Anwendung: 0x01cd8074f89d878c
Pfad
der fehlerhaften Anwendung: C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\print.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\GIMP 2\bin\libgtk-win32-2.0-0.dll Berichtskennung:
3eb65a3c-ec68-11e1-8c98-001b382902b0
Error - 09.10.2012 10:51:20 | Computer Name = Rechenknecht | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091,
Zeitstempel: 0x4d00b3a0 Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.0.3091,
Zeitstempel: 0x4d00b3a0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000401c1 ID des fehlerhaften
Prozesses: 0x7b4 Startzeit der fehlerhaften Anwendung: 0x01cda6028f6fd220 Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Winamp\winamp.exe Berichtskennung: c93d3d8c-1220-11e2-8658-001b382902b0
Error - 20.10.2012 11:21:24 | Computer Name = Rechenknecht | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.3.3234,
Zeitstempel: 0x4fe1f6d1 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003b36a ID des fehlerhaften
Prozesses: 0x1254 Startzeit der fehlerhaften Anwendung: 0x01cdaed573da2c3c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
cea30ebc-1ac9-11e2-b6b6-001b382902b0
Error - 30.11.2012 02:00:54 | Computer Name = Rechenknecht | Source = MsiInstaller | ID = 11609
Description =
Error - 07.12.2012 12:59:35 | Computer Name = Rechenknecht | Source = MsiInstaller | ID = 11609
Description =
Error - 15.12.2012 08:56:43 | Computer Name = Rechenknecht | Source = MsiInstaller | ID = 11609
Description =
Error - 01.01.2013 10:09:16 | Computer Name = Rechenknecht | Source = MsiInstaller | ID = 11609
Description =
Error - 12.01.2013 12:26:25 | Computer Name = Rechenknecht | Source = MsiInstaller | ID = 11609
Description =
[ System Events ]
Error - 21.11.2012 14:39:41 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 21.11.2012 14:39:41 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 22.11.2012 14:43:03 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 22.11.2012 14:43:03 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 23.11.2012 02:15:27 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 23.11.2012 02:15:27 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 23.11.2012 02:32:56 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 23.11.2012 02:32:58 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 24.11.2012 04:26:27 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 24.11.2012 04:26:27 | Computer Name = Rechenknecht | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
< End of report >
Code:
ATTFilter OTL logfile created on: 17.01.2013 19:31:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam_Wu\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,10% Memory free 4,00 Gb Paging File | 3,21 Gb Available in Paging File | 80,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 60,12 Gb Free Space | 40,34% Space Free | Partition Type: NTFS Computer Name: rechenknecht | User Name: Sam_Wu | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sam_Wu\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Adobe\Reader\AcroRd32.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Users\Sam_Wu\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 27 F6 FA 26 CA CB 01 [binary data] IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.11 19:51:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.11 19:51:54 | 000,000,000 | ---D | M] [2012.05.13 18:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2257465670-2366302640-3037941537-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Sam_Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sam_Wu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sam_Wu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Sam_Wu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sam_Wu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{652B28F1-B256-471B-99FC-AD44E408AB75}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B466A406-FA19-4122-AF0A-C8A7B1512CF9}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Fences\FencesMenu64.dll (Stardock) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.17 19:23:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam_Wu\Desktop\OTL.exe [2013.01.17 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.12 17:45:52 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.12 17:45:52 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.12 17:45:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.12 17:45:22 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.12 17:45:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.12 17:45:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.12 17:45:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.12 17:45:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.12 17:45:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.12 17:45:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.12 17:45:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.12 17:45:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.12 17:45:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.12 17:45:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.12 17:45:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.12 17:45:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.12 17:45:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.12 17:45:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.12 17:45:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.12 17:45:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.12 17:45:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.12 17:45:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.12 17:45:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.12 17:45:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.12 17:45:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.12 17:45:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.12 17:45:14 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.12 17:45:14 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.12 17:45:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.12 17:45:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.12 17:45:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.12 17:45:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.12 17:45:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.12 17:45:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.12 17:45:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.12 17:45:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.12 17:44:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.12 17:44:36 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.12 17:44:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.12 17:44:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.12 17:44:35 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.12 17:44:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.12 17:44:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.12 17:44:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.12 17:44:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.12 17:44:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.12 17:44:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.12 17:44:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.12 17:44:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.12 17:44:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 17:44:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 17:44:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 17:44:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.12 17:44:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.12 17:44:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.12 17:44:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 17:44:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 17:44:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.12 17:44:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.12 17:44:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.12 17:43:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.01 17:10:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.01.01 17:10:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.01.01 17:10:12 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.01.01 17:10:11 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll ========== Files - Modified Within 30 Days ========== [2013.01.17 19:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam_Wu\Desktop\OTL.exe [2013.01.17 19:16:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.17 19:16:35 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys [2013.01.17 19:13:25 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.17 19:13:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\K5wtzba.pad [2013.01.17 19:11:53 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.17 19:08:46 | 000,003,247 | ---- | M] () -- C:\ProgramData\K5wtzba.js [2013.01.17 19:08:46 | 000,001,079 | ---- | M] () -- C:\Users\Sam_Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.17 19:08:46 | 000,000,153 | ---- | M] () -- C:\ProgramData\K5wtzba.reg [2013.01.17 19:08:46 | 000,000,081 | ---- | M] () -- C:\ProgramData\K5wtzba.bat [2013.01.17 19:06:20 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.17 19:06:20 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 12:47:47 | 000,418,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.12 20:40:26 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.12 20:40:26 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.12 20:40:26 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.12 20:40:26 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.12 20:40:26 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.05 16:40:44 | 000,054,624 | ---- | M] () -- C:\Users\Sam_Wu\Desktop\Bergvagabunden _ Die Liederkiste 2.pdf [2013.01.05 16:40:09 | 000,059,772 | ---- | M] () -- C:\Users\Sam_Wu\Desktop\Bergvagabunden _ Die Liederkiste.pdf [2013.01.03 18:29:52 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk ========== Files Created - No Company Name ========== [2013.01.17 19:08:46 | 000,003,247 | ---- | C] () -- C:\ProgramData\K5wtzba.js [2013.01.17 19:08:46 | 000,001,079 | ---- | C] () -- C:\Users\Sam_Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.17 19:08:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\K5wtzba.reg [2013.01.17 19:08:46 | 000,000,081 | ---- | C] () -- C:\ProgramData\K5wtzba.bat [2013.01.17 19:08:42 | 095,023,320 | ---- | C] () -- C:\ProgramData\K5wtzba.pad [2013.01.05 16:40:42 | 000,054,624 | ---- | C] () -- C:\Users\Sam_Wu\Desktop\Bergvagabunden _ Die Liederkiste 2.pdf [2013.01.05 16:40:07 | 000,059,772 | ---- | C] () -- C:\Users\Sam_Wu\Desktop\Bergvagabunden _ Die Liederkiste.pdf [2012.12.14 17:11:14 | 000,002,616 | ---- | C] () -- C:\Users\Sam_Wu\AppData\Local\recently-used.xbel [2011.05.22 15:54:25 | 000,003,584 | ---- | C] () -- C:\Users\Sam_Wu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.11 19:45:11 | 000,235,043 | ---- | C] () -- C:\Windows\hpoins21.dat [2011.02.11 19:45:11 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat [2011.02.04 17:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
17.01.2013, 20:19
| #2 |
| /// Malware-holic   | GUV Problem... Wie wohl leider viele :( hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2013.01.17 19:08:46 | 000,003,247 | ---- | C] () -- C:\ProgramData\K5wtzba.js
[2013.01.17 19:08:46 | 000,001,079 | ---- | C] () -- C:\Users\Sam_Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.17 19:08:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\K5wtzba.reg
[2013.01.17 19:08:46 | 000,000,081 | ---- | C] () -- C:\ProgramData\K5wtzba.bat
[2013.01.17 19:08:42 | 095,023,320 | ---- | C] () -- C:\ProgramData\K5wtzba.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ |
|
17.01.2013, 20:46
| #3 |
| | GUV Problem... Wie wohl leider viele :( Hallo Markus,
__________________vielen Dank für deine schnelle Hilfe! Beim ersten Versuch hat der Akku schlapp gemacht und der Rechner war schlagartig aus, während euer Tool noch lief... Ich habe es dann nach Neustart erneut ausgeführt. Es lief ohne Probleme durch und bat um einen Neustart. Nach dem Neustart erhielt ich zwei Meldungen, zum einen ein Pop-up mit der Überschrift RunDLL, Inhalt : Problem beim Starten von C:\users\name\appdata\local\temp\abztw5K.exe Das angegebene Modul wurde nicht gefunden. Die zweite Meldung ist das durch das Tool erzeugte File: Code:
ATTFilter All processes killed
========== OTL ==========
File C:\ProgramData\K5wtzba.js not found.
File C:\Users\Sam_Wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\K5wtzba.reg not found.
File C:\ProgramData\K5wtzba.bat not found.
File C:\ProgramData\K5wtzba.pad not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: günter sax
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: günter sax
->Temp folder emptied: 6639 bytes
->Temporary Internet Files folder emptied: 26963846 bytes
->Java cache emptied: 594876 bytes
->Opera cache emptied: 6054370 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406928128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 10064355859 bytes
Total Files Cleaned = 10.018,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_203530
Files\Folders moved on Reboot...
C:\Users\günter sax\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
17.01.2013, 21:55
| #4 |
| /// Malware-holic | GUV Problem... Wie wohl leider viele :( ok download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.01.2013, 15:33
| #5 |
| | GUV Problem... Wie wohl leider viele :( Hallo Markus, ich habe mit den Kasperky TDSSKiller den Scan durchgeführt. Fünf verdächtige Dateien wurden gefunden. Ich habe Sie nicht kopiert (und in Quarantäne verschoben) und auch nicht gelöscht. Habe das Fenster nur über "Continue" geschlossen. Den untersten Teil der Scan-Report bzw. die tdsskiller....txt-Datei (TDSSKiller.2.8.15.0_20.01.2013_14.49.37_log) findest Du gleich darunter. Leider war der ganze Scan-Report mit 132012 Zeichen zu lang. Im Anhang sind zusätzliche Bilder, falls nötig. Code:
ATTFilter 14:57:50.0139 3740 Scan finished
14:57:50.0139 3740 ============================================================
14:57:50.0164 1928 Detected object count: 5
14:57:50.0164 1928 Actual detected object count: 5
14:59:53.0318 1928 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:53.0318 1928 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:53.0319 1928 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:53.0319 1928 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:53.0325 1928 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:53.0367 1928 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:53.0368 1928 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:53.0368 1928 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:53.0372 1928 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:53.0372 1928 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vielen Dank im Voraus für deine Hilfe. Wünsche Dir und deinem Team ein schönes Wochenende. |
|
20.01.2013, 15:58
| #6 |
| /// Malware-holic | GUV Problem... Wie wohl leider viele :( bitte das log anhängen, packen falls zu groß, danke
__________________ --> GUV Problem... Wie wohl leider viele :( |
|
20.01.2013, 18:24
| #7 |
| | GUV Problem... Wie wohl leider viele :( Hallo Markus, im Anhang findest Du den Scan-Report (.TXT-Datei). Danke im Voraus für dein Bemühen. |
|
20.01.2013, 18:35
| #8 | |
| /// Malware-holic | GUV Problem... Wie wohl leider viele :( danke. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.01.2013, 20:13
| #9 |
| | GUV Problem... Wie wohl leider viele :( Hallo Markus, hab die Combofix.exe ausgeführt. Hier findest du den Inhalt des Logfiles: Code:
ATTFilter ComboFix 13-01-17.04 - Sabrina 20.01.2013 19:47:56.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.1100 [GMT 1:00]
ausgeführt von:: c:\users\Sabrina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-20 bis 2013-01-20 ))))))))))))))))))))))))))))))
.
.
2013-01-20 18:54 . 2013-01-20 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-17 20:40 . 2013-01-17 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-17 20:39 . 2013-01-17 20:39 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-17 20:39 . 2013-01-17 20:39 -------- d-----w- c:\program files (x86)\Java
2013-01-17 20:17 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-01-17 20:17 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-17 20:17 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-17 20:17 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-01-17 20:17 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-01-17 20:17 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-01-17 20:04 . 2013-01-17 20:39 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-17 19:24 . 2013-01-17 19:24 -------- d-----w- C:\_OTL
2013-01-12 16:44 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-12 16:43 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-12 16:43 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-01 16:10 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-01 16:10 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-01 16:10 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-01 16:10 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 19:34 . 2011-05-22 05:33 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 19:04 . 2012-11-04 16:22 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 19:04 . 2012-11-04 16:22 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-30 04:45 . 2013-01-12 16:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-11 20:31 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-11 20:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-11 20:32 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-11 20:32 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-11 20:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-11 20:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-11 20:32 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-11 20:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-11 20:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-11 20:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-11 20:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-11 20:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-11 20:32 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-11 20:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-11 20:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-11 20:32 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-11 20:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-11 20:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-11 20:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-11 20:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-11 20:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-11 20:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-11 19:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-11 19:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-11 19:15 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-11 19:15 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 10:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-11-5 3511296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2007-04-26 291840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 36864]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 69048917
*Deregistered* - 69048917
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 12:10]
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 12:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 120320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-20 19:59:06
ComboFix-quarantined-files.txt 2013-01-20 18:59
.
Vor Suchlauf: 8 Verzeichnis(se), 75.246.301.184 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 74.739.494.912 Bytes frei
.
- - End Of File - - DA5FC9320B5F2F10673A0C68C2850C6D
Hat sich bei meinem Notebook noch ein Virus oder ähnliches eingeschlichen? Warum habe ich den Combofix gebraucht? Kannst Du mir als Spezialist ein Programm empfehlen, wie ich mein Notebook besser vor Viren, Trojanern usw. schützen kann? Auf eine Antwort freue ich mich sehr. Vielen Dank für dein Bemühen !!! Schönen Abend noch. |
|
21.01.2013, 14:43
| #10 |
| /// Malware-holic | GUV Problem... Wie wohl leider viele :( hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.01.2013, 20:41
| #11 |
| | GUV Problem... Wie wohl leider viele :( Hallo Markus, habe Malwarebytes installiert und durchlaufen lassen. Zwei verdächtige Dateien wurden gefunden, die ich entfernt habe. Das dazugehörige Logfile: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.28.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sabrina :: WHITETIGER [Administrator] Schutz: Aktiviert 28.01.2013 19:29:13 mbam-log-2013-01-28 (19-29-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 355089 Laufzeit: 54 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sabrina\Documents\Sonstiges\Keymaker.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank im Voraus fürs Prüfen des Logfiles. Schöne Grüße |
|
29.01.2013, 15:31
| #12 |
| /// Malware-holic | GUV Problem... Wie wohl leider viele :( hi C:\Users\Sabrina\Documents\Sonstiges\Keymaker.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. die Verwenung von raubkopieen ist nicht legal. C:\Users\Sabrina\Documents\Sonstiges\Keymaker.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. ist ein Hinweis auf Keygens, deswegen können wir dir nur hilfe beim neu aufsetzen und absichern des Gerätes geben. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GUV Problem... Wie wohl leider viele :( |
| autorun, avira, bho, browser, clipgrab, converter, error, excel, firefox, flash player, format, google, install.exe, logfile, mp3, msiinstaller, object, plug-ins, programm, registry, rundll, scan, security, senden, software, svchost.exe, system, usb, windows |
Linear-Darstellung
