Pests of all kinds and how to get rid of them: System Care Antivirus (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1

System Care Antivirus

Hello, my son's laptop was infected with a virus. While watching videos on YouTube he picked up the System Care Antivirus virus. Booting into Safe Mode, I was able to detect and remove 7 pests with Hitman Pro. On the next Hitman Pro run one more suspicious file (System Care Antivirus) was found, which I also had it delete. The subsequent scans with Hitman Pro, Malwarebytes Anti-Malware, the Avira DE-Cleaner and Avira Free Antivirus found no further threats. Secunia PSI reported two outdated programs: Adobe AIR and Java JRE. When I tried to download updates for these two programs from chip.de or Computerbild.de, every time I got the error message that the programs contained a virus and had therefore been deleted. I then downloaded the programs from the same servers on another laptop onto a USB stick without any problems and was able to install them on the affected machine without trouble. I have a strong suspicion that the laptop is still not completely virus-free. What else can I do to get the laptop reliably virus-free again? This evening I will run defogger, OTL and Gmer on the machine as instructed in the forum and post the results in a new thread.

Edited by Bernie54 (22.05.2013, 14:00). Reason: typo
#2
/// Helper Team

System Care Antivirus

Tinkering on your own makes it harder to find leftover traces of the infection. You ran all sorts of stuff through your machine that could have been done with a single tool. You also don't have the logs from the respective programs (Hitman etc.). Set the machine up fresh, because you have wiped all the traces.
#3
System Care Antivirus

I scanned the laptop with OTL and then with GMER.

Here are the log files.

OTL Logfile:
OTL logfile created on: 22.05.2013 20:41:43 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Amokcaptain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,84 Gb Total Physical Memory | 7,09 Gb Available Physical Memory | 90,47% Memory free
15,68 Gb Paging File | 14,96 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,54 Gb Total Space | 578,02 Gb Free Space | 82,75% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,51% Space Free | Partition Type: FAT32

Computer Name: AMOKCAPTAIN-PC | User Name: Amokcaptain | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.22 14:43:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.21 20:16:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.21 20:12:34 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.15 18:31:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.30 17:54:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 17:53:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.06 14:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.16 03:07:46 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.23 11:33:44 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.03.21 04:06:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.03.08 18:49:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.02.19 20:41:40 | 000,072,864 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012.01.20 17:15:14 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.12.16 06:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.12.16 06:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.16 06:38:24 | 000,161,560 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.12.08 17:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.31 15:11:40 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.21 23:30:32 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.30 17:54:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.30 17:54:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.30 17:54:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.10 10:39:56 | 000,315,280 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.05.10 02:11:02 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.21 04:06:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.03.08 19:00:36 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.03.08 18:59:42 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.03.08 18:59:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.03.08 18:58:54 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.03.08 18:58:36 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.03.08 18:58:18 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.03.08 18:58:00 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.03.08 18:57:42 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.15 02:41:34 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.01.20 17:14:34 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.14 07:49:22 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.09.02 05:46:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 85 17 1C 8C 1A CE 01 [binary data]
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2158937820-389581725-1849044165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3290520.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Instagrille Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290520&CUI=UN99155127212582199&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.14
FF - prefs.js..extensions.enabledAddons: %7B341f4dac-1966-47ff-aacf-0ce175f1498a%7D:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290520&SearchSource=2&CUI=UN99155127212582199&UM=&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.03.15 16:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 20:17:00 | 000,000,000 | ---D | M]

[2013.03.03 00:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Extensions
[2013.05.21 22:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Firefox\Profiles\wdhagata.default\extensions
[2013.05.21 22:15:29 | 000,000,000 | ---D | M] (MyFreeGames) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\Firefox\Profiles\wdhagata.default\extensions\{341f4dac-1966-47ff-aacf-0ce175f1498a}
[2013.05.21 22:15:22 | 000,868,550 | ---- | M] () (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:21:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.15 16:26:03 | 000,000,999 | ---- | M] () -- C:\Users\Amokcaptain\AppData\Roaming\mozilla\firefox\profiles\wdhagata.default\searchplugins\conduit.xml
[2013.05.21 20:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 20:17:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2158937820-389581725-1849044165-1000..\Run: [SearchProtect] C:\Users\Amokcaptain\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\RunOnce: [SymInstallStub] C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E75E205-DF81-4D81-B117-8C672A5DDE19}: DhcpNameServer =
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bjmyprt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnmnsst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnmnsu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cnsemain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\images2pdf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kiesagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kiessetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pcee4d.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pcee4l.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdf architect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfcreator-1_6_2_2_setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bjmyprt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities
2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cnmnsst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cnmnsu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cnsemain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\images2pdf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\kiesagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\kiessetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pcee4d.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pcee4l.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pdf architect.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pdfcreator-1_6_2_2_setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL 
(Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{788d4147-83a2-11e2-97c2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{788d4147-83a2-11e2-97c2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun\AutoRunX\AutoRunX.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 20:40:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe [2013.05.21 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck [2013.05.21 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hardcopy [2013.05.21 22:38:02 | 001,707,520 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe [2013.05.21 22:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.21 22:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.05.21 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.05.21 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.05.21 21:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.21 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.05.21 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Amokcaptain\AppData\Roaming\vlc [2013.05.21 20:45:55 | 
000,000,000 | ---D | C] -- C:\Users\Amokcaptain\AppData\Roaming\Malwarebytes [2013.05.21 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.21 20:45:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.21 20:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.21 20:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.21 20:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013.05.21 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.05.21 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.20 23:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\40ADFDCB6B979084000040ADBD279A70 [2013.05.15 17:09:57 | 000,000,000 | ---D | C] -- C:\SearchProtect [2013.05.07 18:17:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.03 18:10:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX [2013.05.01 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\Amokcaptain\Desktop\Carina [2013.04.24 18:50:36 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS ========== Files - Modified Within 30 Days ========== [2013.05.22 20:40:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.22 20:40:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.22 20:40:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.22 20:40:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.22 20:40:19 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 20:40:04 | 000,000,000 | ---- | M] () -- C:\Users\Amokcaptain\defogger_reenable [2013.05.22 20:34:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 20:34:45 | 2020,360,191 | -HS- | M] () -- 
C:\hiberfil.sys [2013.05.22 20:33:04 | 000,000,638 | ---- | M] () -- C:\Windows\tasks\Norton Product Installer.job [2013.05.22 14:43:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amokcaptain\Desktop\OTL.exe [2013.05.22 14:42:52 | 000,050,477 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Defogger.exe [2013.05.21 23:31:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.21 23:30:32 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.21 22:38:19 | 000,002,367 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2013.05.21 22:16:51 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.05.21 21:49:30 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 21:49:30 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 21:43:38 | 000,000,646 | -H-- | M] () -- C:\Windows\tasks\Norton Product InstallerIdle.job [2013.05.21 21:11:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.21 20:51:35 | 000,002,078 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.05.21 20:51:35 | 000,002,007 | ---- | M] () -- C:\Users\Amokcaptain\Desktop\Avira DE-Cleaner.lnk [2013.05.21 20:45:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 20:25:30 | 000,001,032 | ---- | M] () -- C:\Windows\SysNative\.crusader [2013.05.16 18:12:45 | 001,541,120 | ---- | M] () -- C:\Users\Amokcaptain\Documents\Outlook.pst [2013.05.16 08:13:53 | 000,417,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.07 18:17:06 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys ========== Files Created - No Company Name ========== 
[2013.05.22 20:40:04 | 000,000,000 | ---- | C] () -- C:\Users\Amokcaptain\defogger_reenable [2013.05.22 20:39:25 | 000,050,477 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Defogger.exe [2013.05.21 23:30:32 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.21 22:38:19 | 000,002,367 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2013.05.21 21:11:46 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.21 20:51:35 | 000,002,078 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.05.21 20:51:35 | 000,002,007 | ---- | C] () -- C:\Users\Amokcaptain\Desktop\Avira DE-Cleaner.lnk [2013.05.21 20:45:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 20:41:05 | 000,000,638 | ---- | C] () -- C:\Windows\tasks\Norton Product Installer.job [2013.05.21 20:41:04 | 000,000,646 | -H-- | C] () -- C:\Windows\tasks\Norton Product InstallerIdle.job [2013.05.21 20:25:30 | 000,001,032 | ---- | C] () -- C:\Windows\SysNative\.crusader [2013.05.21 20:12:34 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.04.04 22:33:53 | 000,024,862 | ---- | C] () -- C:\Users\Amokcaptain\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2013.03.06 18:57:09 | 000,007,609 | ---- | C] () -- C:\Users\Amokcaptain\AppData\Local\Resmon.ResmonCfg [2013.03.02 20:56:30 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.03.02 20:56:26 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013.03.02 20:56:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.03.02 20:56:09 | 013,026,304 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.02.05 17:52:50 | 000,081,920 | 
---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.12.08 17:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\n. 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.15 22:36:06 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Canon [2013.03.15 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\OpenCandy [2013.03.15 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\PDF Architect [2013.03.15 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\pdfforge [2013.04.02 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Samsung [2013.03.15 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\SearchProtect [2013.03.04 00:15:10 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\TuneUp Software [2013.03.15 16:25:28 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Uniblue [2013.03.06 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Amokcaptain\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 22.05.2013 20:41:43 - Run 1
OTL by OldTimer - Version  Folder = C:\Users\Amokcaptain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,84 Gb Total Physical Memory | 7,09 Gb Available Physical Memory | 90,47% Memory free
15,68 Gb Paging File | 14,96 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,54 Gb Total Space | 578,02 Gb Free Space | 82,75% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,51% Space Free | Partition Type: FAT32

Computer Name: AMOKCAPTAIN-PC | User Name: Amokcaptain | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Elantech" = ETDWare PS/2-X64
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution
Menu EX "Counter-Strike 1.6 V40.1" = Counter-Strike 1.6 V40.1 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Hardcopy" = Hardcopy "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "SearchProtect" = Search Protect by conduit "Secunia PSI" = Secunia PSI ( "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.04.2013 17:40:09 | Computer Name = Amokcaptain-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 02.04.2013 17:40:09 | Computer Name = Amokcaptain-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 04.04.2013 16:07:30 | Computer Name = Amokcaptain-PC | Source = .NET Runtime | ID = 1026 Description = Error - 04.04.2013 16:07:32 | Computer Name = Amokcaptain-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Kies.exe, Version:, Zeitstempel: 0x51540dda Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x60b0 Startzeit der fehlerhaften Anwendung: 0x01ce317000d7f42e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Kies\Kies.exe Pfad des 
fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4826a217-9d63-11e2-9ffb-7054d2cb0210 Error - 04.04.2013 18:22:07 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 97cc Startzeit: 01ce317cb5cb6b16 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 0cff0152-9d76-11e2-9ffb-7054d2cb0210 Error - 04.04.2013 18:31:31 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9a60 Startzeit: 01ce3182d7b32e48 Endzeit: 0 Anwendungspfad: C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE Berichts-ID: 5f261cdf-9d77-11e2-9ffb-7054d2cb0210 Error - 07.04.2013 17:27:46 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 14.0.6131.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5608 Startzeit: 01ce33c42171f629 Endzeit: 11 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: f35bfa94-9fc9-11e2-9d6b-7054d2cb0210 Error - 14.04.2013 03:55:52 | Computer Name = Amokcaptain-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PSIA.exe, Version:, Zeitstempel: 0x51139458 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00048611 ID des fehlerhaften Prozesses: 0x83c Startzeit der fehlerhaften Anwendung: 0x01ce3825a6573067 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Secunia\PSI\PSIA.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: b9d6eb41-a4d8-11e2-8741-7054d2cb0210 Error - 15.05.2013 11:09:56 | Computer Name = Amokcaptain-PC | Source = CltMngSvc | ID = 1000 Description = Error - 21.05.2013 15:19:36 | Computer Name = Amokcaptain-PC | Source = Application Hang | ID = 1002 Description = Programm Kies.Update.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 112c Startzeit: 01ce565715f6fc48 Endzeit: 0 Anwendungspfad: C:\Users\Amokcaptain\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe Berichts-ID: 58f0d047-c24b-11e2-9e84-7054d2cb0210 [ System Events ] Error - 22.05.2013 14:35:02 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 22.05.2013 14:35:02 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 22.05.2013 14:35:04 | Computer Name = Amokcaptain-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr discache spldr Wanarpv6 Error - 22.05.2013 14:35:19 | Computer Name = Amokcaptain-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Program Files (x86)\Atheros\AthIhvWlanExt.dll Fehlercode: 21 Error - 22.05.2013 14:37:21 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = Error - 22.05.2013 14:37:29 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = Error - 22.05.2013 14:37:31 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = Error - 22.05.2013 14:37:32 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = Error - 22.05.2013 14:39:07 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = Error - 22.05.2013 14:39:07 | Computer Name = Amokcaptain-PC | Source = DCOM | ID = 10005 Description = < End of report > GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 21:20:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\AMOKCA~1\AppData\Local\Temp\fwlorpog.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a11bfda
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a11bfda (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 44544 bytes executable
File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 16896 bytes executable
File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 54272 bytes executable
File C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui 35328 bytes executable
File C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui 15360 bytes executable
File C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui 46592 bytes executable

---- EOF - GMER 2.1 ----

The two findings in the registry could be the cause of the download block. How can I remove the findings that are still present?

Code:
HitmanPro www.hitmanpro.com

Computer name . . . . : AMOKCAPTAIN-PC
Windows . . . . . . . :
Safe Mode Boot . . . : NETWORK
User name . . . . . . : Amokcaptain-PC\Amokcaptain
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-05-21 20:12:34
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 33s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 6
Traces . . . . . . . : 65

Objects scanned . . . : 1.387.667
Files scanned . . . . : 17.840
Remnants scanned . . : 342.772 files / 1.027.055 keys

Suspicious files ____________________________________________________________

C:\ProgramData\40ADFDCB6B979084000040ADBD279A70\40ADFDCB6B979084000040ADBD279A70.exe
Size . . . . . . . : 434.176 bytes
Age . . . . . . . : 0.9 days (2013-05-20 23:16:53)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 2E8D2CC999368EA0D81B72520B94266568588A7A2BF6C8577165D537FB070586
Gossip . . . . . . : System Care Antivirus
Fuzzy . . . . . . : 32.0
This file was most recently added as automatic startup.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Uses the Windows Registry to run each time the user logs on.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\40ADFDCB6B979084000040ADBD279A70
References
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
C:\Users\Amokcaptain\Desktop\System Care Antivirus.lnk

Malware remnants ____________________________________________________________

C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-18\$1ebff879fa298d5bce61462d35ba6459\U\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-2158937820-389581725-1849044165-1000\$1ebff879fa298d5bce61462d35ba6459\U\ (ZeroAccess) -> Deleted

Cookies _____________________________________________________________________
Code:
HitmanPro www.hitmanpro.com

Computer name . . . . : AMOKCAPTAIN-PC
Windows . . . . . . . :
Safe Mode Boot . . . : NETWORK
User name . . . . . . : Amokcaptain-PC\Amokcaptain
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-05-21 20:19:57
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 17s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 0
Traces . . . . . . . : 4

Objects scanned . . . : 1.375.271
Files scanned . . . . : 16.028
Remnants scanned . . : 332.162 files / 1.027.081 keys

Suspicious files ____________________________________________________________

C:\ProgramData\40ADFDCB6B979084000040ADBD279A70\40ADFDCB6B979084000040ADBD279A70.exe -> Deleted
Size . . . . . . . : 434.176 bytes
Age . . . . . . . : 0.9 days (2013-05-20 23:16:53)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 2E8D2CC999368EA0D81B72520B94266568588A7A2BF6C8577165D537FB070586
Gossip . . . . . . : System Care Antivirus
Fuzzy . . . . . . : 32.0
This file was most recently added as automatic startup.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Uses the Windows Registry to run each time the user logs on.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKU\S-1-5-21-2158937820-389581725-1849044165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\40ADFDCB6B979084000040ADBD279A70
References
C:\Users\Amokcaptain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus\System Care Antivirus.lnk
C:\Users\Amokcaptain\Desktop\System Care Antivirus.lnk
/// Helfer-Team
System Care Antivirus
Your computer has a rootkit infection. With TuneUp and Norton. Scan with Combofix
