| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Backdoor.TrojanWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.02.2013, 11:29
| #46 |
 |  Backdoor.Trojan Ich weiss nicht, ob ich das jetzt richtig gemacht habe. Nach dem Laden der Datei, öffnete sich das Kommandofenster mit dem folgenden Text: Code:
ATTFilter IEREREG-64 Version 1.08 for IE8 02.01.2010
for the 64bit version of IE8 on 64bit Windows
by Kai Schaetzl hxxp://iefaq.info
installs and registers (if suitable) all DLLs known to be used by IE8.
should only take a few seconds, but please be patient
registering IE files
registering system files
if your new tabs page has changed, please read the comments at the end of the sc
ript
all tasks have been finished
Drücken Sie eine beliebige Taste . . .
Soweit ich das beurteilenen kann, ist auch nichts passiert. Also immer noch Zertifakatsprobleme. |
|
26.02.2013, 23:28
| #47 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Backdoor.Trojan Eine Kontrolle mit OTL bitte:
__________________
__________________ |
|
27.02.2013, 10:23
| #48 |
| | Backdoor.Trojan OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 27.02.2013 08:16:51 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heiner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 70,06% Memory free
16,00 Gb Paging File | 13,06 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 357,17 Gb Free Space | 38,75% Space Free | Partition Type: NTFS
Computer Name: GOLDGLAS | User Name: Heiner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AA0EA5-C00B-42AC-B262-F9F66537550A}" = lport=139 | protocol=6 | dir=in | app=system |
"{1ACBCCC5-66F7-4EFE-9955-838B43F18581}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1DDC30BB-08FD-43A8-81A7-7AE7992B1EED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27B53071-999A-4D2C-B28B-E6E923808B2F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{29E5888B-F2D7-4105-B917-3DB5A37192AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32CF37DC-78AA-4708-8FAA-258B8E81EB21}" = lport=137 | protocol=17 | dir=in | app=system |
"{3650E18F-A7D9-463E-9F5D-2370B392E845}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{38DEC547-413E-412B-9127-1EE6E39825DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{447DAE0D-176F-4FEC-B051-A8950954DE78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{53A5764C-5951-4346-9499-B02E7FDE210F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6146D875-D553-4B06-B809-A4AB99E601E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61862438-6FFE-452A-A521-9768CF9D0571}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A4082AD-3F2F-43F9-8DBF-152339C11A91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{807421BD-DDE2-4B36-818B-62B542489D75}" = rport=445 | protocol=6 | dir=out | app=system |
"{82483ECF-7CB0-432C-93F6-77092AED4DFB}" = rport=138 | protocol=17 | dir=out | app=system |
"{83278D0A-5432-4E3A-9FD3-5AE5D0933AEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8527F4E2-B575-4E86-A59B-0F52395A16A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8778A330-F5B5-4FD8-BECD-AB6292FBAB80}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE42CA5-5994-4F48-B60A-CA653CCEEC59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FB3BC05-D995-4D0C-8590-77E8B48E1014}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98A37B68-9392-4F48-9E9E-79C13AC71351}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C793851-D92C-40E3-897C-122C8484ECFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2D5AB84-DE9D-4154-9221-CF8D01A6985D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB7A341E-3AB9-4FA8-A0F7-55FA99E092D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E211F38B-E749-4AFC-B07D-F58A6C7E6B68}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0255077B-3032-4823-A185-2AEDEA1F26F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05F97508-D2A0-4F50-A594-2C4A3CE49CCE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1AEFF5B9-F3FA-41FA-AF55-1CAFCBCE8864}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{2AB682F2-AAED-4AD5-8433-09E551B7D8D1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2ACBFD7B-B877-4596-B6BD-9997F2A786AB}" = protocol=6 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs36fc\hpdiagnosticcoreui.exe |
"{2C12113D-4654-4AC9-92CA-24E7FDB11341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33369D87-B396-4808-9149-6B40224AA578}" = protocol=17 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs36fc\hpdiagnosticcoreui.exe |
"{4800DBA4-60F0-44FC-8573-D716124ADA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5061DEB5-8432-4C60-9051-9EAB22EF09BF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5433AEA8-B62C-4A97-B762-4BBB4CB5A0BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54E65B2A-706C-458A-8961-7503A1A10B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B42DC7F-BFFC-4087-B511-437F1F9512C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77AB08F9-8194-48E0-BDF4-F53F766C38C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{830A8BF8-46DB-4743-ACE3-E1B8BCAE8A6A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8B1BB70B-81FE-40B9-8DCC-EA407DD46954}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{95F8DDAE-AA5E-4102-9BC8-E7D61F148585}" = protocol=6 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs3554\hpdiagnosticcoreui.exe |
"{9BA65022-9CCF-4657-ADDE-E10C45B3FF57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F2EA552-91DB-4B11-A8D0-589741016F20}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{B62B55BD-D33D-4E4A-A2E0-22C8B10466E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAD1449C-FF5D-4ED3-A71E-62BF25A66BA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C5F70951-4155-4735-8B53-C3216BB86FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{DB870E3B-48B9-461C-AB07-8838C26B99FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBD35B13-A815-424E-9EB0-E6A033DACC14}" = protocol=17 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs4dd2\hppiw.exe |
"{E40C8D9F-E9C0-43FC-9AEE-77097B14BC26}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E77121F2-3602-409B-A6EE-7544B00E7CFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8F25F77-A86C-4227-AAB8-1E44BE027EFA}" = protocol=6 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs4dd2\hppiw.exe |
"{E9C8A71F-8AA6-4526-A42B-8A4770A2F96F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0A3AA44-46CB-4CB2-BEC2-42FB42BC9589}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2C838E6-6423-456E-9FE9-67686BEB5291}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2F72826-CA26-4352-9013-2049873A91F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5711A98-B780-4C7F-91FE-0AD6C70CD52B}" = protocol=17 | dir=in | app=c:\users\heiner\appdata\local\temp\7zs3554\hpdiagnosticcoreui.exe |
"{FF2C00E6-B87E-44DF-87F0-8A52F6C86488}" = protocol=6 | dir=out | app=system |
"{FFE0B1E5-D00A-482C-B128-02A151A7FC19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{4A524951-E2F1-4930-A8D7-256EABF07CD8}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{D4C470A9-22E2-4CDD-9827-68E6512F4D48}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E8B0E57E-9C41-4953-9B76-4658BF5DF8A5}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{3882AA81-36F4-4549-8FC3-82EE49892C78}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{714F6564-787D-48FF-B4BC-B037E439C8CF}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{7C05C06D-696D-4F3C-AD24-17618C0C4195}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C768E610-4DFB-4A60-A59B-71549EB7BF75}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68e38297-863d-403b-8e62-9e1ee3fa702d}" = Nero 9 Essentials
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAAE49C1-2844-4614-BCB9-1485569E344D}" = pdfforge Toolbar v6.9
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EOS Utility" = Canon Utilities EOS Utility
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"HP Photo Creations" = HP Photo Creations
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NAV" = Norton AntiVirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2321657326-780348007-3885685630-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.02.2013 02:32:19 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 25.02.2013 05:42:20 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 25.02.2013 11:32:16 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 25.02.2013 13:24:41 | Computer Name = Goldglas | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Heiner\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 25.02.2013 14:42:51 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 26.02.2013 02:32:49 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 26.02.2013 03:25:14 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 26.02.2013 06:46:02 | Computer Name = Goldglas | Source = Application Hang | ID = 1002
Description = Programm DPPEditor.exe, Version 3.9.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1210 Startzeit:
01ce140e1da7d0f0 Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Canon\Digital
Photo Professional\DPPEditor.exe Berichts-ID: b1635d51-8001-11e2-815d-0030678faac2
Error - 26.02.2013 11:22:20 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
Error - 27.02.2013 02:26:15 | Computer Name = Goldglas | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Current process is not trusted Type: 94::InvalidSignature.
[ System Events ]
Error - 25.02.2013 15:12:12 | Computer Name = Goldglas | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2789642)
Error - 25.02.2013 15:14:24 | Computer Name = Goldglas | Source = Ntfs | ID = 262281
Description = Auf dem Volume "System" konnte der Transaktionsressourcen-Manager
aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode
ist in den Daten enthalten.
Error - 26.02.2013 02:58:03 | Computer Name = Goldglas | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2789642)
Error - 26.02.2013 03:03:18 | Computer Name = Goldglas | Source = DCOM | ID = 10010
Description =
Error - 26.02.2013 03:18:59 | Computer Name = Goldglas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 26.02.2013 03:20:27 | Computer Name = Goldglas | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 26.02.2013 03:44:06 | Computer Name = Goldglas | Source = DCOM | ID = 10010
Description =
Error - 26.02.2013 10:56:46 | Computer Name = Goldglas | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2789642)
Error - 26.02.2013 10:58:18 | Computer Name = Goldglas | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2789642)
Error - 26.02.2013 13:23:21 | Computer Name = Goldglas | Source = DCOM | ID = 10010
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.02.2013 08:16:51 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heiner\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 70,06% Memory free 16,00 Gb Paging File | 13,06 Gb Available in Paging File | 81,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921,75 Gb Total Space | 357,17 Gb Free Space | 38,75% Space Free | Partition Type: NTFS Computer Name: GOLDGLAS | User Name: Heiner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Heiner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Heiner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll () MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll () MOD - C:\Windows\SysWOW64\NPSWF32.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20130222.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20130222.003\eng64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20130221.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 29 3D 92 7E 13 CE 01 [binary data] IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FF F3 D7 A5 A5 CB 01 [binary data] IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\SearchScopes\{AE5AF7FA-BCD8-492C-99B4-E15655037224}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\IPSFFPlgn\ [2013.02.15 17:43:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.25 16:40:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 16:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiner\AppData\Roaming\mozilla\Extensions [2013.02.25 16:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.22 12:30:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\registration.exe (Corel Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk () O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk () O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heiner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2321657326-780348007-3885685630-1001\..Trusted Domains: web.de ([www] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2321657326-780348007-3885685630-1004\..Trusted Domains: web.de ([www] https in Vertrauenswürdige Sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{834EF8B1-98D9-474E-84B7-AD2E49C55429}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 17:47:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.26 11:20:06 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Desktop\ie8-rereg.64on64 [2013.02.26 07:58:09 | 000,758,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll [2013.02.26 07:56:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.02.26 07:56:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.02.26 07:56:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.02.26 07:56:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.02.26 07:56:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.02.26 07:56:10 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.02.26 07:56:10 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.02.26 07:56:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.02.26 07:56:10 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.02.26 07:56:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.02.26 07:56:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.02.26 07:56:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.02.26 07:56:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.02.26 07:56:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.02.26 07:56:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.02.26 07:56:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.02.26 07:56:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.02.26 07:56:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.26 07:56:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.02.26 07:56:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.02.26 07:56:09 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.02.26 07:56:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.02.26 07:56:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.02.26 07:56:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.02.26 07:54:21 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.02.26 07:54:21 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.02.26 07:53:59 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.02.25 19:14:50 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.02.25 19:14:49 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.02.25 19:14:49 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.02.25 19:14:34 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.02.25 19:14:33 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.02.25 19:14:33 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.02.25 19:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.25 19:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.25 19:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.25 19:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.25 19:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.02.25 16:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.02.25 16:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.02.25 16:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.25 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\Mozilla [2013.02.25 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Local\Mozilla [2013.02.25 16:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.25 16:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.02.25 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.23 10:26:45 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Heiner\Desktop\TFC.exe [2013.02.22 16:16:31 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Heiner\Desktop\esetsmartinstaller_enu.exe [2013.02.22 12:28:11 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.21 17:39:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.21 17:39:27 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.21 17:37:16 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Heiner\Desktop\JRT.exe [2013.02.21 07:58:36 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Documents\SightSpeed Recordings [2013.02.20 13:23:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.20 13:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.20 12:41:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.20 12:41:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.20 12:41:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.20 12:31:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.20 12:30:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.20 12:18:22 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Heiner\Desktop\ComboFix.exe [2013.02.18 23:49:49 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\NVIDIA [2013.02.17 14:45:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Heiner\Desktop\tdsskiller.exe [2013.02.17 11:10:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Heiner\Desktop\aswMBR.exe [2013.02.15 17:30:14 | 000,000,000 | ---D | C] -- C:\c3c651c179eec22d884ab853 [2013.02.14 14:57:25 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Desktop\mbar [2013.02.14 13:22:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe [2013.02.14 08:56:24 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Local\NPE [2013.02.14 03:01:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 03:01:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 03:01:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 03:01:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 03:01:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 03:01:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 03:01:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 03:01:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 03:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 03:01:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 03:01:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 03:01:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 03:01:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 03:01:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 03:01:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 16:50:22 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 16:50:20 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 16:50:19 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 16:50:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 16:49:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 16:49:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 16:49:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 16:49:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 16:49:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 16:49:50 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 16:02:33 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\Malwarebytes [2013.02.13 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.13 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.13 16:02:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.13 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.13 16:01:38 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Local\Programs [2013.02.13 08:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2013.02.13 08:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2013.02.12 18:40:48 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Local Settings [2013.02.12 13:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings ========== Files - Modified Within 30 Days ========== [2013.02.27 07:54:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.27 07:26:42 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 07:26:42 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 07:16:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.27 07:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.27 07:15:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.02.27 07:14:50 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys [2013.02.26 17:49:45 | 000,644,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 17:49:45 | 000,607,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 17:49:45 | 000,126,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 17:49:45 | 000,103,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 08:14:01 | 002,197,978 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\Cat.DB [2013.02.25 19:14:18 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.02.25 19:14:17 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.02.25 19:14:17 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.02.25 19:14:17 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.02.25 19:14:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.02.25 19:14:17 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.02.25 16:39:59 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.02.25 16:05:39 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.25 10:44:15 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.23 10:26:46 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Heiner\Desktop\TFC.exe [2013.02.22 17:00:09 | 000,008,536 | ---- | M] () -- C:\{98D85693-135D-4FDC-A7FB-966991C05C10} [2013.02.22 16:58:56 | 000,030,344 | ---- | M] () -- C:\{44BADFA5-F930-4A08-9209-A2B5A815F627} [2013.02.22 16:52:37 | 000,030,344 | ---- | M] () -- C:\{992EC7A9-9BE8-42CC-A2FE-1018F43D7BFE} [2013.02.22 16:16:32 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Heiner\Desktop\esetsmartinstaller_enu.exe [2013.02.22 12:30:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2013.02.21 18:18:07 | 000,587,671 | ---- | M] () -- C:\Users\Heiner\Desktop\adwcleaner0.exe [2013.02.21 17:37:16 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Heiner\Desktop\JRT.exe [2013.02.20 13:10:09 | 000,083,424 | ---- | M] () -- C:\{9E7E081E-109F-42D5-8CB7-0B5505887FAE} [2013.02.20 13:01:42 | 000,265,976 | ---- | M] () -- C:\{F2B19E8E-85A8-44E6-ADA4-05632E01884C} [2013.02.20 12:18:35 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Heiner\Desktop\ComboFix.exe [2013.02.17 14:45:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Heiner\Desktop\tdsskiller.exe [2013.02.17 11:12:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Heiner\Desktop\aswMBR.exe [2013.02.15 11:45:06 | 000,000,039 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\mbam.context.scan [2013.02.14 14:09:59 | 000,365,568 | ---- | M] () -- C:\Users\Heiner\Desktop\gmer_2.0.18454.exe [2013.02.14 13:22:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe [2013.02.14 13:21:47 | 000,000,000 | ---- | M] () -- C:\Users\Heiner\defogger_reenable [2013.02.14 13:19:56 | 000,050,477 | ---- | M] () -- C:\Users\Heiner\Desktop\Defogger.exe [2013.02.14 03:28:22 | 002,232,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.07 19:21:49 | 000,002,658 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2013.02.07 19:20:50 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\VT20130115.021 [2013.02.02 07:31:42 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\isolate.ini ========== Files Created - No Company Name ========== [2013.02.26 07:58:09 | 000,011,164 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin [2013.02.25 16:39:58 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.02.25 16:05:38 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.25 16:05:35 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.22 17:00:09 | 000,008,536 | ---- | C] () -- C:\{98D85693-135D-4FDC-A7FB-966991C05C10} [2013.02.22 16:58:56 | 000,030,344 | ---- | C] () -- C:\{44BADFA5-F930-4A08-9209-A2B5A815F627} [2013.02.22 16:52:37 | 000,030,344 | ---- | C] () -- C:\{992EC7A9-9BE8-42CC-A2FE-1018F43D7BFE} [2013.02.21 18:17:59 | 000,587,671 | ---- | C] () -- C:\Users\Heiner\Desktop\adwcleaner0.exe [2013.02.20 13:10:09 | 000,083,424 | ---- | C] () -- C:\{9E7E081E-109F-42D5-8CB7-0B5505887FAE} [2013.02.20 13:01:42 | 000,265,976 | ---- | C] () -- C:\{F2B19E8E-85A8-44E6-ADA4-05632E01884C} [2013.02.20 12:41:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.20 12:41:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.20 12:41:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.20 12:41:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.20 12:41:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.15 11:45:06 | 000,000,039 | ---- | C] () -- C:\Users\Heiner\AppData\Roaming\mbam.context.scan [2013.02.14 14:09:58 | 000,365,568 | ---- | C] () -- C:\Users\Heiner\Desktop\gmer_2.0.18454.exe [2013.02.14 13:21:47 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\defogger_reenable [2013.02.14 13:19:56 | 000,050,477 | ---- | C] () -- C:\Users\Heiner\Desktop\Defogger.exe [2012.11.09 10:27:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.09.02 09:09:31 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\{77A2C8DC-1852-47EC-90EE-0CBE8A1DA986} [2011.07.26 16:13:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.07.23 06:46:49 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\{5713649D-AD24-4724-B019-6739B154EFEC} [2011.07.23 06:45:08 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\{56E0B3EA-EE24-45ED-8819-4D775B5A61E0} [2011.06.22 14:41:40 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\{1F6F750A-D951-4236-9E3E-1DFC249E4655} [2011.06.22 14:39:52 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\{A709DD15-E334-4284-956C-BF7296D6655A} [2011.05.04 17:46:26 | 000,000,157 | ---- | C] () -- C:\Users\Heiner\AppData\Roaming\default.rss [2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.02.07 18:22:25 | 000,000,000 | ---- | C] () -- C:\Users\Heiner\.gtk-bookmarks [2011.01.17 18:28:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
27.02.2013, 11:48
| #49 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan Ich seh da nichts, führ mal bitte Farbar's Scanner aus: Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.02.2013, 12:29
| #50 |
| | Backdoor.TrojanCode:
ATTFilter Farbar Service Scanner Version: 20-02-2013
Ran by Heiner (administrator) on 27-02-2013 at 12:27:31
Running from "C:\Users\Heiner\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
|
|
27.02.2013, 12:41
| #51 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan Ist auch unauffällig. Erstell dir mal ein neues Windows-Benutzerkonto über die Systemsteuerung, vergib ruhig Adminrechte und bitte auch ein Passwort. Log dich aus und mit dem soeben neu erstellten User ein - teste da bitte den IE nochmal.
__________________ --> Backdoor.Trojan |
|
27.02.2013, 15:35
| #52 |
| | Backdoor.Trojan ....ist leider für mich kein Unterschied zu sehen gewesen. Was ist den mit dem Fenser beim Starten des IE, ich habe die empfohlene Sicherheitseinstellung gewählt. War das richtig? |
|
27.02.2013, 15:38
| #53 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan Ja, das ist schon ok. Versuch mal den IE9 zu deinstallieren über Systemsteuerung, Programme und Funktionen Danach Rechner neustarten, schauen wie sich dann IE8 verhält. (den IE kann man nicht komplett deinstallieren, wenn du IE auf diesem deinstallierst erhälst du die Vorgängerversion)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.02.2013, 17:08
| #54 |
| | Backdoor.Trojan bei Systemsteuerung\Programme\Programme und Funktionen habe ich den IE nicht gefunden, wohl aber daneben die Funktion Windos-Funktionen aktiviere/deaktivieren. Da habe ich das Häkchen wechgemacht. Nach dem Neustart war aber alles wie gehabt und das Häkchen war auch wieder da. Was habe ich falsch gemacht? |
|
27.02.2013, 17:43
| #55 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan Du musst dir die installierten Updates anzeigen lassen Dann siehst du auch Windows Internet Explorer 9
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2013, 08:18
| #56 |
| | Backdoor.Trojan Geht auch nicht, steht dann da: Die Webseite kann nicht angezeigt werden.... Kann das nicht alles mit den fehlgeschlagen Updates zusammenhängen, die der Rechner seit dem Trojanerbefall machen möchte? Fehlercode: WindowsUpdate_800B010B |
|
28.02.2013, 09:09
| #57 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2013, 10:02
| #58 |
| | Backdoor.Trojan habe ich gemacht, es kam dann ein Fenster, wo stand:Schlüssel und Werte von C:/User/ Heiner/Update Error_800B010B.reg wurden erfolgreich in die Registrierung eingetragen. War das ok so? Was passiert jetzt? |
|
28.02.2013, 10:17
| #59 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Trojan Vllt mal jetzt prüfen ob es klappt? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2013, 10:30
| #60 | |
| | Backdoor.Trojan hat nicht geklappt, das Update ist wieder fehlgeschlagen. Ich fahre jetzt einmal runter und probiere es noch mal das sah für mich zuerst ganz gut aus. Die Updates wurden installiert. Aber bei genaueren Nachsehen war das besagte Update(KB2789642) nicht dabei. Es wurden aber 3 andere Sicherheitsupdates installiert(KB2792100)(KB2706045)(KB2797052) und noch was für Windos(KB2598845). Der IE läuft immer noch nicht wie er sollte. was jetzt weiter? Hallo! Bei den fehlenden Updates sind auch: Adobe Acrobat Adobe PDF Plug-In For Firefox and Netscape 10.1.1 Veraltete Version Aktualisieren Plugin Icon Shockwave Flash so kann ich z.B. mit dem Firefox keine Bilder hochladen oder bei You Tube keine Filme ansehen. Was soll ich weiter tuen? Zitat:
|
|
| Themen zu Backdoor.Trojan |
| anzeige, anzeigen, appdata, backdoor.trojan, datei, erkannt, explorer, fehler, gelöscht, gen, gesendet, internet, internet explorer, laden, mail, msifkzxq.pif, nicht mehr, norton, problem, probleme, scan, server, sicherheitszertifikatprobleme, temp, trojaner, virenscanner, warnmeldung, windows, windows internet, zertifikate |
Linear-Darstellung
