Pests of all kinds and their removal: CouponDropDown Virus (Windows 7)
04.07.2013, 14:56 | #1
CouponDropDown Virus

Hello,

for about a week now I have been struggling with the so-called "CouponDropDown Virus". (Here is a short explanation: hxxp://www.2-removevirus.com/de/entfernen-coupondropdown-virus/ ) Since it slows my PC down enormously, I am slowly getting fed up with not being able to get rid of it. My McAfee does not detect it, and the programs such as SpyHunter or Spyware Terminator 2012, which supposedly detect the virus, only delete it if you buy the full version. Somehow this virus smells like a money-grab, though. I found two further methods on the Internet that are supposed to delete the virus, but neither of them works for me. The first would be, in Google Chrome, via Tools -> Extensions, to remove "CouponDropDown" there. I could not carry out this variant because the so-called extension did not exist on my machine. I had the same problem with the second variant:

"Remove browser Hijacks Note: All your browsers will likely be hooked by the adware. As a result, you have to remove the CouponDropDown extension or add-on in each browser. You may or may not have the following add-ons. If you do, remove them as well. CouponDropDown FBPhotoZoom GoPhoto.it HDvid Codec IB Updater OneClickDownload OneClickDownloader Online HD TV PutLockerDownloader StartNow TornTV TorrentHandler Yontoo ZoomIt" (hxxp://malwaretips.com/Thread-How-to-remove-CouponDropDown-Uninstall-Guide)

I did not find a single one of these programs. I hope I have now mentioned everything important. Looking forward to any help!

Regards, Soph6297
04.07.2013, 15:05 | #2
/// Malware-holic | CouponDropDown Virus

Hi,

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
04.07.2013, 17:08 | #3
CouponDropDown Virus

Hello!

Thanks for the quick help.

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 04.07.2013 16:17:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,51% Memory free
3,98 Gb Paging File | 2,50 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 137,64 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: MUSTERMANNS-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mustermann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\System32\jmdp\stij.exe ()
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Programme\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\systemcore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
PRC - C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\core\mchost.exe (McAfee, Inc.)
PRC - C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Atheros\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
PRC - C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
PRC - C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\Atheros\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\System32\jmdp\stij.exe ()
MOD - C:\Windows\System32\jmdp\lmrn.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\System32\jmdp\sqlite3.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Bamboo Dock\BambooCore.exe ()
MOD - C:\Programme\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll ()
MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll ()
MOD - C:\Programme\Dell\duo Stage\QtGui4.dll ()
MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtSql4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtCore4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtXml4.dll ()
MOD - C:\Programme\Dell\duo Stage\kgl.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (AdobeActiveFileMonitor11.0) -- C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Atheros\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (McAWFwk) -- c:\Programme\McAfee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (wacomvhid) -- system32\DRIVERS\wacomvhid.sys File not found
DRV - (wacommousefilter) -- system32\DRIVERS\wacommousefilter.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (WacHidRouter) -- C:\Windows\System32\drivers\wachidrouter.sys (Wacom Technology)
DRV - (hidkmdf) -- C:\Windows\System32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV - (wacomrouterfilter) -- C:\Windows\System32\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AX88178) -- C:\Windows\System32\drivers\ax88178.sys (ASIX Electronics Corp.)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {2DFABFBF-D2BD-4C9D-A6E9-746AD71AF001}
IE - HKLM\..\SearchScopes\{2DFABFBF-D2BD-4C9D-A6E9-746AD71AF001}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.neopets.com/index.phtml
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyXGrdoBl&i=26
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes\{EEB58F62-A789-46C8-B604-D53ADCF995DB}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013.07.02 02:07:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.07.02 02:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.07.02 02:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.07.02 02:07:11 | 000,000,000 | ---D | M]

[2012.03.04 00:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: hxxp://iumen.deviantart.com/art/Artist-Switch = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjdglknfedaglpkidjhikljomnapnho\2013.6.6.45291_0\
CHR - Extension: YouTube = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\
CHR - Extension: New Tab for Chrome = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A328656F-58B9-4C95-A9BB-A858ACCD8DF3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2568eefe-e8f9-11e1-ba48-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{2568eefe-e8f9-11e1-ba48-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2568ef14-e8f9-11e1-ba48-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{2568ef14-e8f9-11e1-ba48-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddab4-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddab4-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddab8-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddab8-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddae7-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddae7-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{720ddaed-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddaed-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{720ddb0f-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddb0f-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddb13-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddb13-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell\setup\command - "" = D:\setup.exe
O33 - MountPoints2\{fad1d874-a025-11e1-adb5-e0b9a51263aa}\Shell - "" = AutoRun
O33 -
MountPoints2\{fad1d874-a025-11e1-adb5-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{fad1d87d-a025-11e1-adb5-e0b9a51263aa}\Shell - "" = AutoRun O33 - MountPoints2\{fad1d87d-a025-11e1-adb5-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\D\Shell\setup\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Dell\duo Stage\PinItem.vbs" ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet 
Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 14:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.07.04 14:02:36 | 000,000,000 | R--D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.07.03 17:48:07 | 000,000,000 | ---D | C] -- 
C:\Users\Mustermann\AppData\Roaming\WTablet [2013.07.03 12:01:32 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.07.03 12:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2013.07.02 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills [2013.07.02 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Purplehills [2013.07.02 21:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Wildlife Park 2 - Abenteuer auf der Ranch [2013.07.02 21:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch [2013.07.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Wildlife Park 2 [2013.07.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 [2013.07.01 07:26:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Spyware Terminator [2013.07.01 07:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.07.01 07:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.07.01 07:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013.06.30 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.06.30 20:21:20 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.06.30 20:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.11 21:07:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom [2013.06.10 17:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.06.10 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.06.10 14:37:32 | 000,000,000 | ---D | C] -- 
C:\Program Files\McAfee Security Scan [1 C:\Users\Mustermann\Desktop\*.tmp files -> C:\Users\Mustermann\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 16:42:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job [2013.07.04 16:33:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.04 14:09:33 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 14:09:33 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 14:01:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.07.04 14:01:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.07.04 14:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.04 14:00:27 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2013.07.03 21:18:33 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job [2013.07.03 12:08:56 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk [2013.07.02 10:59:09 | 000,002,375 | ---- | M] () -- C:\Users\Mustermann\Desktop\Google Chrome.lnk [2013.06.16 17:52:40 | 000,901,752 | ---- | M] () -- C:\Users\Mustermann\Desktop\Stolpersteine.png [2013.06.15 17:09:06 | 000,000,132 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format [2013.06.12 20:42:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.12 20:42:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.12 20:42:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.12 20:42:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.10 
17:34:00 | 000,002,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [1 C:\Users\Mustermann\Desktop\*.tmp files -> C:\Users\Mustermann\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.03 12:08:56 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk [2013.06.16 17:52:34 | 000,901,752 | ---- | C] () -- C:\Users\Mustermann\Desktop\Stolpersteine.png [2013.06.10 14:37:36 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.06.10 14:37:18 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.14 12:20:04 | 000,000,132 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format [2013.01.25 16:54:21 | 000,008,259 | ---- | C] () -- C:\Users\Mustermann\.recently-used.xbel [2012.12.19 20:08:03 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.12.19 20:08:03 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.02.03 17:28:26 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2012.02.03 17:28:26 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.07.03 17:58:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.06.19 18:51:36 | 000,007,168 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2013.07.01 19:44:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 
012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.24 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Ambient Design [2013.01.25 23:25:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\com.gugga.radiomini [2013.05.05 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1 [2013.07.04 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\go [2013.07.02 02:08:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\gtk-2.0 [2012.02.03 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PC Suite [2011.07.03 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PCDr [2012.03.29 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PlayFirst [2013.07.02 02:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Primtext [2012.02.03 17:27:35 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2013.07.01 07:26:58 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Spyware Terminator [2012.12.19 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\SYSTEMAX Software Development [2012.12.07 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\TeamViewer [2012.12.12 15:15:20 | 000,000,000 | ---D | M] -- 
C:\Users\Mustermann\AppData\Roaming\Wacom [2012.07.20 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2013.07.02 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 [2013.07.02 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.08.13 13:22:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.07.02 02:06:08 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.19 10:17:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.08 23:28:08 | 000,000,000 | ---D | M] -- C:\Drivers [2011.06.05 05:01:12 | 000,000,000 | ---D | M] -- C:\Intel [2011.07.03 16:50:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.07.02 22:11:54 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.02 01:10:08 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.06.19 10:17:53 | 000,000,000 | -HSD | M] -- C:\Programme [2013.06.30 20:22:17 | 000,000,000 | ---D | M] -- C:\sh4ldr [2011.06.19 10:50:02 | 000,000,000 | -HSD | M] -- C:\System Recovery [2013.07.04 16:32:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.13 15:08:22 | 000,000,000 | ---D | M] -- C:\Temp [2013.07.02 02:13:11 | 000,000,000 | R--D | M] -- C:\Users [2013.07.04 13:58:16 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 23:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2011.09.08 14:48:10 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job [2011.09.08 14:48:10 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job [2013.06.10 14:37:18 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTOR.SYS > [2010.06.08 17:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\drivers\iaStor.sys [2010.06.08 17:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_20f8d1b2e876a71d\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel 
Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) 
MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 23:29:06 | 
000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012.07.20 13:44:19 | 000,000,002 | ---- | M] () -- C:\Users\Mustermann\.bdockinstall.log [2013.01.25 16:54:21 | 000,008,259 | ---- | M] () -- C:\Users\Mustermann\.recently-used.xbel [2013.07.04 17:48:14 | 002,883,584 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat [2013.07.04 17:48:14 | 000,262,144 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG1 [2011.06.19 10:18:05 | 000,000,000 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG2 [2011.06.19 11:00:50 | 000,065,536 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011.06.19 11:00:50 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011.06.19 11:00:50 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.07.01 22:25:49 | 000,065,536 | 
-HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TM.blf [2013.07.01 22:25:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TMContainer00000000000000000001.regtrans-ms [2013.07.01 22:25:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TMContainer00000000000000000002.regtrans-ms [2011.06.19 10:18:05 | 000,000,020 | -HS- | M] () -- C:\Users\Mustermann\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extra.txt OTL Logfile: Code:
OTL Extras logfile created on: 04.07.2013 16:17:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,51% Memory free
3,98 Gb Paging File | 2,50 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 137,64 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: MUSTERMANNS-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07122FFF-7D0E-4282-BC22-EC5EED86F747}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BB83FC6-ECA7-4DEF-B61F-5E498D1A40EB}" = lport=138 | protocol=17 | dir=in | app=system |
"{0DFF9405-2C9B-45D2-8D2C-A310CE6FFF20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EF5769A-D6AD-49EA-9629-86B01A205349}" = lport=445 | protocol=6 | dir=in | app=system |
"{218201C2-81F3-47C0-8171-AAE3819E1C92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40AB3D47-03D7-435C-9A9D-1BEFB6DDF52C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5348A3E6-4FAA-4632-A97F-5F83704F6ABE}" = rport=137 | protocol=17 | dir=out | app=system |
"{57C356A2-EB1A-41E8-B630-0C37C0DFBE52}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5F11058D-CA7F-4656-B7EC-1462AE98F461}" = rport=10243 | protocol=6 | dir=out | app=system |
"{669D366C-DCF3-4BD2-BB06-73E1E47541E0}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{6901AB43-08E1-4AD4-890A-45F81CB3A465}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CE525DA-6CFF-43C8-ABAB-B5F9B3D2868F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{80EF0D74-EA40-4033-BA4B-55A295A24126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82F3B916-E40A-4187-80B8-30C71B4D60A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{8889A3DD-D5AF-49E3-811E-4117A5688CD9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{90D9A153-3567-4613-876C-1EC069B19726}" = rport=139 | protocol=6 | dir=out | app=system |
"{96CE5638-EF03-4D8E-9CC3-9CC05E4D9C2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98C048E5-03A6-4DDD-AE7F-AFB8A4FFB483}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A998FE3A-A108-4779-85E1-A5C4F354265F}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA55D6EB-FCC9-4898-8196-CE01DBEB4B62}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB1CFB88-B9EF-4D97-B511-156C018AAE8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFB6CA49-DF30-4471-A6D4-E75AC501E708}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{D0D83B1D-DAD5-4CB7-BB66-633E576324BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBBB60BC-8581-4253-9C1E-1701E4246A54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE5D5399-0642-4131-89B3-6DD46DDF90F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F87EA2FE-1AE3-4FE9-BCF6-6EF4D1EFC85C}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD6E7BE7-1BD8-4945-9322-74DC609D328C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09170FB6-5A70-457B-9EFB-0413E5EE941A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{0E826D40-FC9A-4B94-8720-737A76A7B81A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{16B03F67-710B-4ED2-B266-E75F888B2053}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1CF346DF-4616-4356-B964-6613EDB1F18D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{28121647-B58E-492B-A992-5F7EE36B33E7}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{2E6A96C5-2757-45A6-8297-CC2D74384C90}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{30B3898F-8494-4CB8-ABC5-81BE0D1FB605}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{33FF3D45-B798-4C9B-A760-A23305D34E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{452C79FA-C22E-4240-9581-06F787014D7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4824EA28-0247-4C4D-BE12-6871900CDF47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49039E79-C2D3-443B-960F-38E5EDDD75B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4950184B-39C1-46D0-940B-9150CE3BB835}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{4D9EF57C-809B-4C53-A6FB-74F781E02241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F6DBB45-F8ED-4511-A994-FB4EAD9E4EB9}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{5A39AEB3-7B26-4A2C-AF38-7FB2A4A7280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6474D954-8F8B-4833-A2FE-4A575D918E23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68D6EE7A-52E7-4A40-8DD9-CD6C6A94E548}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{817D5384-B20D-4288-9CF8-A22996D33BC5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8FE35A85-9829-4548-B547-7CE2CBC6B9BE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{97ECC1B8-5ACA-4AA2-A868-165BFF85E4AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C379598-00B5-4944-88B7-15ED848D5C40}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A4A47622-C4E4-4415-9890-2EF372056CFD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B0EC86A5-3F9C-43D9-B22B-F1CB037F8A44}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"{B3B994D5-98B1-4B50-A9BA-33962DE62969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD0E34C8-9E4B-4715-8A37-12F93A887616}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BE070EBD-8D90-485B-B60E-1F8B2C5DE78F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BED52022-72AF-4B6D-8DDD-D84C5B9D283C}" = protocol=6 | dir=out | app=system | "{D0279614-00A1-4BCA-ADD8-221B55558B84}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "{D37EFA4B-9D7B-4D94-B6BE-81A15224BD34}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | "{D683096D-A71F-4BD5-A72B-7ECA18BB69FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DBD6D2EB-05EF-4EF0-8E94-D029514A0FD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DFF105E7-541D-47F2-8269-6D758FEC880D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E45E2A50-DD81-4BE9-9801-3F049EBF193F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{E5B22977-4720-4AE1-9196-9D0740216366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E6598143-6CC0-4303-B3E6-C1AE61CA5F53}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6863162-E6F1-48B8-819C-10AFD625D480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E755FF01-15CD-46B7-8867-49E82C5C8EAA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{ED4CCBEE-03C8-4046-A4FB-42E47EC1996D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EEDCE3FC-322B-4AAD-9C9E-4B4B86F1064D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F6886979-02AC-46AD-9FAB-70AFC476A52D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{FFD0F031-DA78-43BB-A3DC-C7B79A7AA848}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "TCP Query User{257C8F15-00AD-4A99-A4B6-FC701ED5B0C1}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query 
User{5558EC8A-FC0C-400F-940B-E0CB76AFF8D6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{E2651483-BBF9-4EB5-BC92-39AA5A11D12F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{8A795E0D-5CA8-4D78-A26E-8A42FB3E9183}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{8B414ACB-D7F4-429B-B238-D2D4891B7D58}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{F4BB5DB4-3C2C-4874-8F6F-E6129BFE96C0}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{068E5E60-C039-4706-AB3D-F9589B8BACA2}" = WolfQuest "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update 
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.575 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F92C742-08BE-9C7A-DF0C-3E1CD06C46C2}" = Sumo Paint Bamboo 2.2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial "{7082E27E-2637-4ED5-9156-E19B57A3B5B0}" = ArtRage Studio Pro "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 "{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 
2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B70C64B3-0F06-4A9C-900E-CF95CBD5B9FA}" = Primtext "{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "{BEBD8B5B-2EC8-6489-1585-47B78EA6832A}" = Bamboo Dock "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer "{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote "{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker 
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FD271FAB-2F69-6983-A6A4-828F357940C4}" = Livebrush Mini "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Bamboo Dock" = Bamboo Dock "Cellosoft JTablet 2" = Cellosoft JTablet 1.2.5-alpha "Christmas Magic" = Christmas Magic "CNXT_AUDIO_HDA" = Conexant HD Audio "com.gugga.radiomini" = MoodTuner "com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini "com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1" = Sumo Paint Bamboo 2.2 "Dell Webcam Central" = Dell Webcam Central "EADM" = EA Download Manager "eyrie_screensaver" = eyrie_screensaver "FarmFrenzy" = FarmFrenzy "Fiesta Online DE" = Fiesta Online DE 1.04.053 "HDMI" = Intel(R) Graphics Media Accelerator Driver "incredibar" = Incredibar Toolbar on IE "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "McAfee Security Scan" = McAfee Security 
Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MSC" = McAfee SecurityCenter "PaintToolSAI" = PaintTool SAI Ver.1 "Pen Tablet Driver" = Wacom "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold! "softonic" = Softonic toolbar on IE and Chrome "SRS Premium Sound APO for Conexant USB Audio" = SRS Premium Sound APO for Conexant USB Audio "STANDARD" = Microsoft Office Standard 2007 "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "TSR Watermark Image - Free version_is1" = TSR Watermark Image software version 2.3.4.1 - Free version "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WNLT" = IB Updater Service "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = GameXN GO "Google Chrome" = Google Chrome "JoinMe" = join.me ========== Last 20 Event Log Errors ========== [ 
Application Events ] Error - 04.03.2013 08:47:37 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 05.03.2013 08:55:12 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2013 10:17:04 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 07.03.2013 10:29:38 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 07.03.2013 15:55:03 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 08:57:00 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 09.03.2013 06:46:22 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 10.03.2013 06:21:44 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 10.03.2013 15:59:43 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2013 10:06:40 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 05.07.2011 14:04:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.07.2011 14:04:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.07.2011 14:14:54 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 05.07.2011 14:14:54 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.07.2011 13:46:24 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. 
Error - 06.07.2011 13:46:24 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.07.2011 14:42:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 09.07.2011 14:42:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.07.2011 08:42:06 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 13.07.2011 08:42:06 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 19.06.2011 12:46:04 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 18:46:04 - Fehler beim Herstellen der Internetverbindung. 18:46:04 - Serververbindung konnte nicht hergestellt werden.. Error - 05.07.2011 13:56:07 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 19:55:57 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) Error - 14.07.2011 07:46:18 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 13:46:18 - Fehler beim Herstellen der Internetverbindung. 13:46:18 - Serververbindung konnte nicht hergestellt werden.. Error - 14.07.2011 07:46:30 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 13:46:23 - Fehler beim Herstellen der Internetverbindung. 13:46:23 - Serververbindung konnte nicht hergestellt werden.. Error - 02.08.2011 05:39:02 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 11:39:02 - Fehler beim Herstellen der Internetverbindung. 
11:39:02 - Serververbindung konnte nicht hergestellt werden.. Error - 02.08.2011 05:39:14 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 11:39:07 - Fehler beim Herstellen der Internetverbindung. 11:39:07 - Serververbindung konnte nicht hergestellt werden.. Error - 22.08.2011 06:37:01 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0 Description = 12:36:59 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ OSession Events ] Error - 14.10.2011 15:21:40 | Computer Name = Mustermanns-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 676 seconds with 540 seconds of active time. This session ended with a crash. Error - 08.04.2012 16:32:30 | Computer Name = Mustermanns-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3763 seconds with 300 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 04.07.2013 08:01:56 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102 Description = Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102 Description = Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102 Description = Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name 
Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 < End of report > Regards
04.07.2013, 17:22 | #4 |
/// Malware-holic | CouponDropDown Virus Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
04.07.2013, 22:06 | #5 |
| CouponDropDown Virus Next step: PHP Code:
__________________ "You can close your eyes to things you don't want to see but you can't close your heart to things you don't want to feel." -Johnny Depp |
05.07.2013, 14:34 | #6 |
/// Malware-holic | CouponDropDown Virus Hi, scan with Combofix
05.07.2013, 15:20 | #7 |
| CouponDropDown Virus Now a small problem has come up. After I confirmed the installation, a grey box with grey bars appeared. When it reached 100%, another window appeared first, with a progress bar and green text on a black background. When the progress bar was about half full, yet another window opened, telling me that ... of 10 folders were being saved. Then it suddenly stopped and this message appeared: "Du kannst Combofix nicht in 196290~1 umbenennen. Bitte nutze einen anderen Namen. Vorzugsweise aus alphabetischen Zeichen bestehend." I now have the following software on my desktop: Continue Download helper, Installation, Optimizer Pro. Where is my mistake? Regards
05.07.2013, 15:44 | #8 |
/// Malware-holic | CouponDropDown Virus Did you run Combofix as instructed? Delete it and try again.
05.07.2013, 17:31 | #9 |
| CouponDropDown Virus It worked. I deleted everything and ran the download again. Combofix logfile: Code:
ComboFix 13-07-04.01 - Mustermann 05.07.2013 16:56:34.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2036.1117 [GMT 2:00]
Run from:: c:\users\Mustermann\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-05 to 2013-07-05 ))))))))))))))))))))))))))))))
.
.
2013-07-05 16:04 . 2013-07-05 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-05 14:00 . 2013-07-05 14:00 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Delta
2013-07-05 14:00 . 2013-07-05 14:00 -------- d-----w- c:\users\Mustermann\AppData\Local\Wajam
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\users\Mustermann\AppData\Local\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\program files\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\programdata\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\users\Mustermann\AppData\Local\Programs
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\users\Mustermann\AppData\Local\Babylon
2013-07-05 13:59 . 2013-07-05 14:00 -------- d-----w- c:\program files\Wajam
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Dealply
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\programdata\Babylon
2013-07-05 13:59 . 2013-07-05 13:59 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Babylon
2013-07-03 15:48 . 2013-07-03 15:48 -------- d-----w- c:\users\Mustermann\AppData\Roaming\WTablet
2013-07-02 20:11 . 2013-07-02 20:11 -------- d-----w- c:\program files\Purplehills
2013-07-02 19:46 . 2013-07-02 19:46 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
2013-07-02 19:46 . 2013-07-02 19:46 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Wildlife Park 2
2013-07-01 20:20 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-01 20:20 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-07-01 18:17 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-07-01 18:17 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-01 18:16 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-07-01 18:15 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-07-01 18:15 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-07-01 18:15 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-01 18:15 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-01 18:15 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-07-01 18:14 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-01 18:14 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-01 18:14 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 18:14 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-01 05:26 . 2013-07-02 00:04 -------- d-----w- c:\programdata\Spyware Terminator
2013-07-01 05:26 . 2013-07-01 05:26 -------- d-----w- c:\users\Mustermann\AppData\Roaming\Spyware Terminator
2013-07-01 05:26 . 2013-07-02 00:04 -------- d-----w- c:\program files\Spyware Terminator
2013-06-30 18:21 . 2013-06-30 18:21 110080 ----a-r- c:\users\Mustermann\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe
2013-06-30 18:21 . 2013-06-30 18:22 -------- d-----w- C:\sh4ldr
2013-06-30 18:21 . 2013-06-30 18:21 -------- d-----w- c:\program files\Enigma Software Group
2013-06-10 12:37 . 2013-07-02 00:07 -------- d-----w- c:\programdata\McAfee Security Scan
2013-06-10 12:37 . 2013-07-02 00:07 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 19:52 . 2013-02-17 14:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 19:52 . 2011-07-30 12:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 10:29 . 2013-05-11 10:29 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-11 10:29 . 2013-05-11 10:29 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-11 10:29 . 2013-05-11 10:29 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-11 10:29 . 2013-05-11 10:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-11 10:29 . 2013-05-11 10:29 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-11 10:29 . 2013-05-11 10:29 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-11 10:29 . 2013-05-11 10:29 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-11 10:29 . 2013-05-11 10:29 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-11 10:29 . 2013-05-11 10:29 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-11 10:29 . 2013-05-11 10:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-11 10:29 . 2013-05-11 10:29 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-11 10:29 . 2013-05-11 10:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-11 10:29 . 2013-05-11 10:29 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-11 10:29 . 2013-05-11 10:29 361984 ----a-w- c:\windows\system32\html.iec
2013-05-11 10:29 . 2013-05-11 10:29 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-11 10:29 . 2013-05-11 10:29 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-11 10:29 . 2013-05-11 10:29 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-13 04:45 . 2013-05-15 15:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 15:58 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 15:58 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 16:04 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 08:54 . 2012-12-19 18:08 1156400 ----a-w- c:\windows\system32\dmwu.exe
2013-04-07 08:52 . 2012-12-19 18:08 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2012-02-03 102400]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2012-04-05 347008]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-25 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 486560]
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 302240]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-12-12 646744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del18859101"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe -bgr [2010-10-22 1022016]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 dealplylive;DealPly Live service (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 148000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 47104]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 dealplylivem;DealPly Live service (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 148000]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 11680]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 198904]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-25 191008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 70048]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 13728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-01 1343400]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-23 171600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-12-28 135168]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 56480]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-04-07 1156400]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2013-05-02 109064]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 528256]
S3 acpials;ALS sensor filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 258720]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 239776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 LSM303DLH;STMicroelectronics™ 3-axis accelerometer/magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 19:52]
.
2013-07-05 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 13:59]
.
2013-07-05 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 13:59]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job
- c:\users\Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:47]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job
- c:\users\Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=1060E0B9A51263AA&affID=119357&tt=040713_ctrl&tsp=4934
IE: Export to Microsoft E&xcel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Orphaned Registry Entries Removed - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
HKLM-Run-NPSStartup - (no file)
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PaintToolSAI - c:\users\Mustermann\Desktop\PaintToolSAI\uninst.exe
AddRemove-Santa Claus in trouble ... gold! - d:\progra~1\SANTAC~1.GOL\UNINST~1\UNWISE.EXE
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-05 18:11:43
ComboFix-quarantined-files.txt 2013-07-05 16:11
.
Pre-Run: 11 directories, 148.268.077.056 bytes free
Post-Run: 13 directories, 165.945.049.088 bytes free
.
- - End Of File - - 71F9F38FF4F9A2DBC4EC349C2EDE748B 5C616939100B85E558DA92B899A0FC36
[/PHP]
I wasn't sure how to create code tags... Regards
__________________ "You can close your eyes to things you don't want to see but you can't close your heart to things you don't want to feel." -Johnny Depp |
05.07.2013, 17:37 | #10 |
/// Malware-holic | CouponDropDown Virus Hi, malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
06.07.2013, 09:38 | #11 |
| CouponDropDown Virus Done, after 8 hrs: PHP-Code:
06.07.2013, 12:28 | #12 |
/// Malware-holic | CouponDropDown Virus Sorry, that normally doesn't take that long. Download the CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall list, save as txt. Open it. After every program you need, write "necessary". After every program you don't need, "unnecessary". After those unknown to you, "unknown". Post the list.
06.07.2013, 14:30 | #13 |
| CouponDropDown Virus Once I've done that and saved the list - where should I write whether I need something or not? Edit the txt file? And if so, should I write "necessary", etc. after the name or after the numbers? E.g. Dell DataSafe Local Backup Dell (here..) 04.06.2011 9.4.60 (...or here?)
06.07.2013, 14:31 | #14 |
/// Malware-holic | CouponDropDown Virus Yes, of course, in the txt, after the program version. So e.g. adobe reader version xy necessary
06.07.2013, 14:49 | #15 |
| CouponDropDown Virus OK, I hope I haven't missed anything now. PHP-Code:
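As an added example (not part of this thread, and not ComboFix, CCleaner or trojaner-board code), the following Python script does the two triage steps from this exchange mechanically: it walks a ComboFix log like the one posted above and pulls out every persistence entry (BHO, toolbar, Run value, service/driver, scheduled task, IE start page) whose text matches one of the adware families visible in that log (DealPly, Incredibar, Wajam, Babylon, Delta/delta-search, IB Updater with dmwu.exe, Softonic), and it pre-annotates a CCleaner uninstall export with the necessary/unnecessary/unknown words Malware-holic asked for. The indicator list, the assumed tab-separated column order of the CCleaner export (name, publisher, install date, version) and the sample inputs (log lines excerpted from the post above with the service description translated; uninstall lines constructed) are assumptions, and a match is only a pointer for review, not proof that a program is unwanted.

```python
"""Triage a ComboFix log and pre-annotate a CCleaner uninstall export.
Added example for this thread, not ComboFix, CCleaner or trojaner-board code. The
indicator list holds only families visible in the log posted above; it is an
assumption, deliberately incomplete, and a match is a pointer for review, not proof."""
import re

# Lower-case substrings of the adware/PUP families seen in the posted log;
# "\\delta" means a path component named Delta (AppData\Roaming\Delta).
PUP_INDICATORS = ("dealply", "incredibar", "wajam", "babylon", "delta-search",
                  "\\delta", "ib updater", "dmwu.exe", "softonic", "coupondropdown")

# S2 IB Updater;IB Updater;c:\...\ExtensionUpdaterService.exe [2013-01-29 188760]
_SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
# "Name"="c:\...\x.exe" [date size]   (values under a Run or Toolbar key)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
# 2013-07-05 c:\windows\Tasks\X.job - c:\...\X.exe [date]   (task, once on one line)
_TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>c:\\.+?\.job) - (?P<path>.+?) \[")
# 2013-01-29 13:29 170840 ----a-w- c:\...\Extension32.dll   (file under a BHO key)
_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+ [-a-z]+ (?P<path>c:\\.+)$")


def is_pup(text):
    """True when any indicator substring occurs in text (case-insensitive)."""
    low = text.lower()
    return any(ind in low for ind in PUP_INDICATORS)


def triage_combofix(log_text):
    """Return (kind, name, path) for each persistence entry that matches an indicator."""
    # ComboFix prints a task as ".job" on one line and "- path" on the next; join them.
    log_text = re.sub(r"\.job\n- ", ".job - ", log_text)
    hits, context = [], None  # context = most recent [HKEY_...] header
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            context = line.strip("[]")
            continue
        m = _SERVICE_RE.match(line)
        if m:
            if is_pup(line):
                hits.append(("service", m["name"], m["path"]))
            continue
        m = _TASK_RE.match(line)
        if m:
            if is_pup(line):
                hits.append(("task", m["job"].rsplit("\\", 1)[-1], m["path"]))
            continue
        m = _VALUE_RE.match(line)
        if m and context:
            if is_pup(line):
                kind = "toolbar" if "Toolbar" in context else "run"
                hits.append((kind, m["name"], m["path"]))
            continue
        m = _FILE_RE.match(line)
        if m and context and "Browser Helper Objects" in context:
            if is_pup(line):
                hits.append(("bho", context.rsplit("\\", 1)[-1], m["path"]))
            continue
        if line.startswith("uStart Page = ") and is_pup(line):
            hits.append(("startpage", "uStart Page", line.split(" = ", 1)[1]))
    return hits


def annotate_uninstall_list(list_text, keep=()):
    """Append the board's verdict word to each tab-separated export line (assumed columns:
    name, publisher, install date, version): indicator hit -> unnecessary,
    name in keep -> necessary, otherwise unknown (left for the user to decide)."""
    out = []
    for line in filter(str.strip, list_text.splitlines()):
        name = line.split("\t")[0]
        verdict = "unnecessary" if is_pup(line) else "necessary" if name in keep else "unknown"
        out.append(f"{line}\t{verdict}")
    return out


# Log lines excerpted from the post above (Skype kept as a benign control); uninstall lines constructed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
R2 dealplylive;DealPly Live service (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 148000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-04-07 1156400]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2013-05-02 109064]
2013-07-05 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 13:59]
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=1060E0B9A51263AA&affID=119357&tt=040713_ctrl&tsp=4934
"""
SAMPLE_UNINSTALL = "\n".join([
    "Dell DataSafe Local Backup\tDell\t04.06.2011\t9.4.60",
    "DealPly\tDealPly\t05.07.2013\t",
    "Adobe Reader X (10.1.7)\tAdobe Systems Incorporated\t01.07.2013\t10.1.7",
])

if __name__ == "__main__":
    for hit in triage_combofix(SAMPLE_LOG):
        print("%-9s %-42s %s" % hit)
    print("\n".join(annotate_uninstall_list(SAMPLE_UNINSTALL, keep={"Dell DataSafe Local Backup"})))
```

Run it against the full log pasted above (with the `.job` task lines still on two lines, as ComboFix writes them) and every DealPly, IB Updater, Softonic and Wajam persistence point plus the delta-search start page comes out in one list; the Run values and the McAfee, Atheros and Wacom services are left alone because nothing in them matches. Substring matching is deliberately blunt, so treat the output as the set of entries to look up, not as a removal list.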