| |
| |||||||
Log-Analyse und Auswertung: Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.05.2013, 17:31
| #1 |
| |  Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Hab keine Ahnung was machen; insofern bin ich in diesem Forum gelandet und auf der Seite: http://www.trojaner-board.de/69886-a...-beachten.html Ich freu mich auf weiterführende Hilfe, Danke im vorraus. Habe folgende LOG Files erstellt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2013 17:25:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\....\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,58% Memory free 6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 90,63 Gb Free Space | 62,90% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 89,16 Gb Free Space | 61,92% Space Free | Partition Type: NTFS Computer Name: .... | User Name: ....| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.01 17:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe PRC - [2013.04.02 11:46:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.02 11:46:18 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.02 11:46:15 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.02 11:46:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.28 14:19:30 | 001,926,944 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\hqtray.exe PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.26 02:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Programme\VMware\VMware Player\zlib1.dll MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Programme\VMware\VMware Player\libxml2.dll MOD - [2008.03.30 16:22:42 | 000,070,144 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2013.04.13 20:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.13 20:12:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.02 11:46:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.02 11:46:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC302.sys -- (VMC302) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.04.02 11:46:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.02 11:46:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.02 11:46:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.04.02 11:46:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.11.16 16:51:36 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2010.11.11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2010.11.11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2010.11.11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2010.11.11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2010.11.11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2010.11.11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2010.08.19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.09.03 18:05:34 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2001.12.14 15:08:22 | 000,014,096 | ---- | M] (Wordcraft International Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WILPAR.SYS -- (WILPAR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 20:47:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 17:36:10 | 000,000,000 | ---D | M] [2013.04.02 11:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Extensions [2013.04.04 08:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\89flgnib.default\extensions [2013.04.04 08:15:47 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\89flgnib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.13 20:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 20:47:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Unimessage Pro] C:\Program Files\Unimessage Pro\Unimsg.exe (Wordcraft International Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37FBAEDD-AAAA-4F86-8391-1917F8367B32}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6DDB10-BD00-4C70-8553-1B807EEADD85}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.13 20:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.12 20:40:27 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\vlc [2013.04.12 20:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.12 20:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.04.12 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.04.10 08:02:25 | 000,000,000 | ---D | C] -- C:\Scanner [2013.04.10 08:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S700 Scancopier [2013.04.10 08:01:40 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S700 Scancopier Printer Profile Utility [2013.04.10 08:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\S700 Scancopier Printer Profile Utility [2013.04.10 08:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unimessage Pro [2013.04.10 08:00:37 | 000,014,096 | ---- | C] (Wordcraft International Ltd.) -- C:\Windows\System32\drivers\WILPAR.SYS [2013.04.10 08:00:19 | 000,110,592 | ---- | C] (Wordcraft International Limited) -- C:\Windows\System32\wilspool.dll [2013.04.10 08:00:19 | 000,045,056 | ---- | C] (Wordcraft International Limited) -- C:\Windows\System32\Faxfil32.dll [2013.04.10 08:00:02 | 000,282,624 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\Imgman32.dll [2013.04.10 08:00:02 | 000,035,328 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\Im31bmp.dil [2013.04.10 08:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unimessage Pro [2013.04.09 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\PSpad [2013.04.09 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Macromedia [2013.04.09 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\VMware [2013.04.09 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\VMware [2013.04.09 19:06:07 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2013.04.09 19:02:49 | 000,000,000 | ---D | C] -- C:\xampp [2013.04.09 18:49:50 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe [2013.04.09 18:49:46 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe [2013.04.09 18:49:46 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys [2013.04.09 18:48:57 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll [2013.04.09 18:48:27 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys [2013.04.09 18:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2013.04.09 18:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2013.04.09 18:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013.04.09 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\VMware [2013.04.09 18:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor [2013.04.09 18:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\PSPad editor [2013.04.04 07:48:39 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.04.04 07:48:39 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.04.04 07:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.04.04 07:48:22 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\TuneUp Software [2013.04.04 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.04.04 07:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.04.04 07:47:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.04.04 07:47:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.04.04 07:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.04.04 07:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.03 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\Documents\Play Camera Media [2013.04.03 17:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.04.03 17:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2013.04.02 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2013.04.02 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.02 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2013.04.02 18:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.04.02 18:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2013.04.02 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.04.02 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Microsoft Help [2013.04.02 18:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.04.02 18:30:25 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.04.02 17:32:00 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\DataDesign [2013.04.02 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Lexware [2013.04.02 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\World Money [2013.04.02 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Wertpapieranalyse 2012 [2013.04.02 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DataDesign [2013.04.02 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\Documents\Lexware [2013.04.02 17:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2013.04.02 17:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lexware [2013.04.02 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2013.04.02 17:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.04.02 17:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.04.02 17:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.02 16:58:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2013.04.02 16:58:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2013.04.02 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2013.04.02 16:56:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2013.04.02 16:40:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2013.04.02 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.04.02 15:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexware [2013.04.02 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Lexware [2013.04.02 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Mozilla [2013.04.02 15:12:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2013.04.02 12:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.04.02 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Google [2013.04.02 12:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.04.02 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Zattoo [2013.04.02 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2013.04.02 12:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2013.04.02 12:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4 [2013.04.02 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Mozilla [2013.04.02 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Thunderbird [2013.04.02 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Thunderbird [2013.04.02 11:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.02 11:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.04.02 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.04.02 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.04.02 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Macromedia [2013.04.02 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Avira [2013.04.02 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Adobe [2013.04.02 11:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.04.02 11:47:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.02 11:47:51 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 11:47:51 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 11:47:51 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.02 11:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.04.02 11:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.04.02 11:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.04.02 11:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.02 10:59:25 | 000,000,000 | ---D | C] -- C:\Samsung [2013.04.02 10:58:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetsyncAgent [2013.04.02 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Intel [2013.04.02 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Adobe [2013.04.02 10:00:20 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Seven Zip ========== Files - Modified Within 30 Days ========== [2013.05.01 17:15:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.01 17:13:23 | 000,169,629 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.01 17:11:42 | 000,000,000 | ---- | M] () -- C:\Users\Wohnzimmer\defogger_reenable [2013.05.01 16:01:42 | 000,631,426 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.01 16:01:42 | 000,598,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.01 16:01:42 | 000,127,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.01 16:01:42 | 000,105,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.01 15:55:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 15:55:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 15:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.01 15:55:16 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2013.05.01 15:54:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.01 15:26:40 | 000,169,629 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.04.12 20:40:16 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.12 15:41:33 | 000,385,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.10 13:41:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.04.09 19:06:07 | 000,000,558 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\XAMPP Control Panel.lnk [2013.04.09 18:47:52 | 000,001,024 | ---- | M] () -- C:\.rnd [2013.04.09 18:47:47 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk [2013.04.09 18:44:55 | 000,000,753 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\PSPad.lnk [2013.04.09 16:05:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.09 16:05:39 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.04 07:48:36 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.04 07:48:36 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.04.03 17:02:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.04.03 09:57:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2013.04.03 09:57:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2013.04.03 09:56:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.02 17:28:07 | 000,002,747 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2013.04.02 17:28:07 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk [2013.04.02 17:24:03 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2012.lnk [2013.04.02 15:26:34 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.02 15:19:01 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.02 13:10:09 | 000,021,504 | ---- | M] () -- C:\Users\Wohnzimmer\AppData\Local\WebpageIcons.db [2013.04.02 12:42:13 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.02 12:30:08 | 000,001,653 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\Zattoo.lnk [2013.04.02 11:55:59 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.04.02 11:48:05 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.02 11:46:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 11:46:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 11:46:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.02 11:46:52 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.02 11:26:56 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.02 11:18:38 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv [2013.04.02 11:04:58 | 000,004,222 | ---- | M] () -- C:\Windows\HotFixList.ini [2013.04.02 10:59:03 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Play AVStation.lnk ========== Files Created - No Company Name ========== [2013.05.01 17:11:42 | 000,000,000 | ---- | C] () -- C:\Users\Wohnzimmer\defogger_reenable [2013.04.13 20:12:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 20:40:16 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.10 13:41:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.04.10 08:00:19 | 000,163,840 | ---- | C] () -- C:\Windows\System32\Wilpar32.dll [2013.04.10 08:00:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\Wilcom32.dll [2013.04.10 08:00:19 | 000,020,603 | ---- | C] () -- C:\Windows\System32\wilpar.vxd [2013.04.10 08:00:19 | 000,011,776 | ---- | C] () -- C:\Windows\System32\Faxfrm32.dll [2013.04.09 19:06:07 | 000,000,558 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\XAMPP Control Panel.lnk [2013.04.09 18:47:52 | 000,001,024 | ---- | C] () -- C:\.rnd [2013.04.09 18:47:47 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk [2013.04.09 18:44:55 | 000,000,753 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\PSPad.lnk [2013.04.04 07:48:36 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.04 07:48:36 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.04.04 07:48:35 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.04.03 17:02:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.04.03 09:56:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.03 09:43:48 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.03 09:43:48 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.02 17:24:03 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2012.lnk [2013.04.02 17:22:34 | 000,002,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2013.04.02 17:22:34 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk [2013.04.02 16:42:37 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2013.04.02 16:42:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2013.04.02 16:42:29 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2013.04.02 16:42:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2013.04.02 16:42:25 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2013.04.02 16:41:45 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.04.02 16:41:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2013.04.02 16:41:29 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2013.04.02 16:41:28 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2013.04.02 16:41:27 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2013.04.02 15:26:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.02 15:26:34 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.02 15:19:01 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.02 13:15:27 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2013.04.02 13:15:27 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2013.04.02 13:15:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2013.04.02 12:32:15 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.02 12:31:54 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.02 12:31:54 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.02 12:30:53 | 000,021,504 | ---- | C] () -- C:\Users\Wohnzimmer\AppData\Local\WebpageIcons.db [2013.04.02 12:30:08 | 000,001,653 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\Zattoo.lnk [2013.04.02 12:05:38 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2013.04.02 11:55:59 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.04.02 11:55:59 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.04.02 11:48:05 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.02 11:26:56 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.04.02 11:26:56 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.02 10:59:03 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Play AVStation.lnk [2013.04.02 10:47:10 | 000,000,275 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.03.29 10:52:10 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.03.29 10:52:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.03.29 10:52:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2008.10.18 23:11:19 | 000,169,629 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.10.18 23:11:18 | 000,169,629 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.02 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\DataDesign [2013.04.02 17:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\Lexware [2013.04.02 11:58:30 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\Thunderbird [2013.04.04 07:48:22 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.05.2013 17:25:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\....\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,58% Memory free
6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 90,63 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 89,16 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Computer Name: WOHNZIMMER-PC | User Name: ....| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0374A92C-EE16-4873-B525-BFCACE626464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D09FACC-B8FD-4E2F-A0C9-6B048A3C039A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E04865B-ABDC-4A48-8C91-CE2F50365674}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F635912-6C2D-41DB-8081-6611E94BB5A7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4109CAD8-0919-447D-8C13-B506311AC191}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{467BDFAB-8767-4EDC-BD85-606E18F1C731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system |
"{578C2189-399C-40DF-8EFE-55166E4C56FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system |
"{614F7B75-406A-479A-8918-BFA6602EA20D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{69463DEB-709A-48A3-BE3C-00A7896CDE3F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7AE15844-CE63-469F-AB82-0575ECCE4772}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{861CAC83-3EB4-4CE0-8794-A882110ED7A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{970F7A3B-F698-4291-B932-A5D3392C8D98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{98C7E677-8BFE-43EC-81FD-73731D3969AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D67487D-8ED0-4CC0-B274-772157D05085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E8450E1-CA94-4D09-A187-C1C6195202D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCF024A6-372B-4782-8B92-3ECAC87DDE4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EAE7423D-6208-41D2-80F6-B0F4923E710A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBE5178B-48D1-4D9C-870D-6DB71091E034}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system |
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0DD28B-FDB8-46BE-B90B-F60A50C74053}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1751DB3B-5923-4C99-AFAF-139C21648D46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{19EAF123-2454-4DD4-8CB1-C1B1BF81C043}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1EB5AD34-BAFD-4DD6-AA16-9D8CF653E5A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2CD122CC-E8BA-425E-A137-47B465048FBC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{3034CDC9-2A0A-4934-A823-4E74DC5A2523}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{365C27ED-3CFA-4D9C-9B54-4FDF9C4FD258}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A6FDD4F-E6E0-410F-AA3A-3231A1DDE3F2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{68327C3E-DEC4-49F8-BA57-9A96DA3D7FB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A534BC1-D6DF-477B-B5C1-4223605181E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BE82CBD-E4F8-452F-83BD-C9622FD7498E}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{72F62834-75D5-422B-9B00-F92396C45C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90E2AEB1-9477-4A11-83F0-AD4AD5008730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9868112B-2EF0-4B8C-AEA0-26F9A1B54DD9}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{AA1B79D4-7DC4-4729-9B14-A283BB1AA4FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A87F71-8097-437C-ACD5-42FAA652FA6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC1E9FE5-F49A-4B36-B0E1-F726E1C5738A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2E02C0D-C08A-472C-9110-061D1DEB3B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F2E484-91D1-4005-A9A1-04B0E15BF322}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{DBE77CFE-B8F0-4123-BDBD-F4D4632ACCA1}" = protocol=6 | dir=out | app=system |
"{DD62F3CB-AD0A-410D-8CA2-55EADD92505D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{E4F20798-F5F2-4F40-BE36-A305F1FC45DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF505EFA-E74D-4B27-992A-C63BD9F6AB5E}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"TCP Query User{5CC443C5-EB66-43CA-9BD0-D4D7FC037870}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{A9115ABE-61B0-41EF-A695-2DBECC8D9A48}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{84D56725-DB0A-4654-971C-19D2F451DD08}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{A41C1641-A7A4-469A-88E1-F0F0337F8ACA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{220DC8D0-3CC8-41A4-8C58-15A1D9FA0362}" = DDBAC
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}" = Quicken Import Export Server Jubiläumsversion
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{990D6165-CA26-483A-9C0B-CDA087F15D37}" = S700 Scancopier
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A7166A02-9745-4F19-BB16-A0CC1F3ABDB1}" = Wertpapieranalyse 2012
"{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken Jubiläumsversion
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PSPad editor_is1" = PSPad editor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Unimessage Pro" = Unimessage Pro
"VLC media player" = VLC media player 2.0.6
"VMware_Player" = VMware Player
"xampp" = XAMPP 1.7.4
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.04.2013 01:49:27 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:27 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:32 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:32 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:38 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:38 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:43 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:43 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 03:27:46 | Computer Name = Wohnzimmer-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16470 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 14e4 Anfangszeit: 01ce30ff802f91d4 Zeitpunkt
der Beendigung: 4
Error - 04.04.2013 04:44:55 | Computer Name = Wohnzimmer-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-01 18:09:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\WOHNZI~1\AppData\Local\Temp\kxrcauoc.sys
---- System - GMER 2.1 ----
SSDT 8CD30EEE ZwCreateSection
SSDT 8CD30EF8 ZwRequestWaitReplyPort
SSDT 8CD30EF3 ZwSetContextThread
SSDT 8CD30EFD ZwSetSecurityObject
SSDT 8CD30F02 ZwSystemDebugControl
SSDT 8CD30E8F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 405 82081A3C 4 Bytes [EE, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 729 82081D60 4 Bytes [F8, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 75D 82081D94 4 Bytes [F3, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 7C1 82081DF8 4 Bytes [FD, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 809 82081E40 4 Bytes [02, 0F, D3, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E805340, 0x3EE687, 0xE8000020]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\svchost.exe[584] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll
.text C:\Windows\system32\svchost.exe[584] USER32.dll!DialogBoxIndirectParamAorW 76BC2EB6 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys
Device \Driver\usbhub \Device\00000065 hcmon.sys
Device \Driver\usbhub \Device\00000066 hcmon.sys
Device \Driver\usbhub \Device\00000067 hcmon.sys
Device \Driver\usbhub \Device\00000068 hcmon.sys
Device \Driver\usbhub \Device\00000069 hcmon.sys
Device \Driver\usbhub \Device\0000006a hcmon.sys
Device \Driver\usbhub \Device\0000006b hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbhub \Device\0000006c hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys
---- Processes - GMER 2.1 ----
Library c:\windows\system32\z (*** hidden *** ) @ C:\Windows\Explorer.EXE [2856] 0x04090000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von Heyo (01.05.2013 um 17:40 Uhr) |
| Themen zu Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 |
| antivir, avira, bho, error, excel, firefox, flash player, format, helper, home, homepage, iexplore.exe, install.exe, logfile, mozilla, plug-in, realtek, registry, rundll, scan, security, senden, software, svchost.exe, tr/sirefef.a., tr/sirefef.a.7, tr/sirefef.a.78, udp, usb, vista, visual studio, wallpapers |
Baum-Darstellung