
Log Analysis and Evaluation: Windows 7, BKA/GVU trojan, lock screen, safe mode works.


 
12.09.2013, 12:45   #1
grizly354
 



Hello,

I have a BKA or GVU trojan here on a netbook. Since safe mode still worked, I ran a few scans (OTL, GMER, FRST). Trend Micro Internet Security was installed on it, so why did the trojan manage to get in there?

Can this thing be removed somehow?

Code:
OTL logfile created on: 12.09.2013 12:41:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ani\Desktop
Windows 7 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
 
Computer Name: ANI-PC | User Name: ani | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.18 22:49:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.05 11:52:29 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a97f4e39d47dc3d5098150a8b14a9662\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.27 22:02:59 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.15 13:41:24 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\2b54822a40e9b08479a79cce0e196af1\System.EnterpriseServices.ni.dll
MOD - [2013.01.15 13:41:18 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll
MOD - [2013.01.15 13:41:12 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013.01.15 13:34:46 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.15 13:32:58 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.15 13:32:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.15 13:32:38 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.15 13:31:56 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2009.09.15 20:45:59 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2009.09.15 20:45:59 | 000,029,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2009.08.25 09:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\thidwhnakbhftduwajt.bfg -- (Winmgmt)
SRV - [2013.06.30 21:11:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2010.01.19 01:31:32 | 001,678,272 | ---- | M] (Discordia Limited) [Auto | Stopped] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2009.08.22 11:01:00 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009.08.22 11:01:00 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009.08.22 11:00:00 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009.08.22 10:28:00 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.12.08 20:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.22 11:38:00 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009.08.22 11:38:00 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009.08.22 11:38:00 | 000,225,808 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009.08.22 11:38:00 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009.08.22 11:38:00 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009.08.22 11:38:00 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009.08.22 11:38:00 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009.08.22 11:38:00 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009.08.22 11:38:00 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009.07.30 14:57:40 | 000,107,008 | ---- | M] (BandRich Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\br3gmdm.sys -- (br3gmdm)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F8 08 50 81 39 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1696E378-D1E9-42B9-9AED-24A1EF1BFF79}: "URL" = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.01.20 12:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ani\AppData\Roaming\mozilla\Extensions
[2011.01.20 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.14 14:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAD2730-FD19-40C3-883D-E91CADD4F7D1}: DhcpNameServer = 212.23.115.148 212.23.115.132
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 09:06:41 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell - "" = AutoRun
O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.12 12:41:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe
[2013.09.12 12:41:11 | 000,000,000 | ---D | C] -- C:\Users\ani\Desktop\_ANTIVIR
[2013.08.16 13:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\5372
[2013.08.16 13:16:42 | 000,000,000 | R--D | C] -- C:\Users\ani\Documents\Scanned Documents
[2013.08.16 13:16:42 | 000,000,000 | ---D | C] -- C:\Users\ani\Documents\Fax
[2009.09.15 20:37:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC486.dll
[1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.12 12:40:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.09.12 12:39:53 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.12 12:37:31 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.16 17:26:30 | 000,001,414 | ---- | M] () -- C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.08.16 17:24:37 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.16 15:51:27 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.08.16 15:51:27 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013.08.16 15:19:26 | 000,001,097 | ---- | C] () -- C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tjawudtfhbkanhwdiht.lnk
[2012.10.12 17:21:31 | 000,017,136 | ---- | C] () -- C:\windows\System32\sasnative32.exe
[2010.01.22 21:42:53 | 000,000,110 | ---- | C] () -- C:\Users\ani\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 12.09.2013 12:41:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ani\Desktop
Windows 7 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
 
Computer Name: ANI-PC | User Name: ani | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B5B6A-415D-470D-B985-E4DBA7226A3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D3D702E-E2A6-4053-8C95-B15A59E46A77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{69F3B35F-02B4-45F6-8F49-1C7131DE3D77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78356BC9-0C46-4477-A94E-6E85554B3A4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78D0CE13-E2E0-4CCF-9FA2-5535EC520285}" = lport=137 | protocol=17 | dir=in | app=system | 
"{82BCCD95-4DA4-453A-A2B6-81B095010D33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84402423-1A20-4FF3-A47F-56B75E6CEB29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{86DE8C28-E126-4101-AE54-DAB8267011B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{907A55E2-E373-423F-8234-9D44001F184B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9340674A-CE7E-4F29-BAC9-B9B28A23888C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{934AAB52-021D-4D2B-B449-AD458F8936F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{93A41E69-D577-460B-AD5A-E3A32D0CC4BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A70D3848-9521-4012-BFAA-7396CCEE18B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BD8B456F-5511-4D63-9148-FE947B7CF050}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD5B0FBA-0EFC-430F-8C1D-FFC41B5DB290}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5493B7F-D98E-45E2-9514-D82103BB37B7}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B197A49-A73E-47E3-B309-ACFDB9B146DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2BCD06A3-6885-48D5-B990-B13164FAD3A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5B2FEFFA-2D73-4257-B226-FF588250AE0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{64313718-B1B4-4E86-AB5F-4249A2F1F363}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{7D55EBC5-DB96-428B-97F3-328E219FFEEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{88DF8F50-648B-4BC4-A828-D00366BE1301}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{93F53564-F367-4360-AAA4-96DBD12F1615}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{A2B5788F-F77E-4F39-BC68-FA5E6FCA7A99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EAD65076-89F6-4920-A732-1B6D8C810E95}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EB6F5F1F-B052-46FC-8A70-6FE065AB63AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F8055864-2F90-409B-97A6-61E3DEAECF3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{13AC81CD-F6F0-4195-B89C-FA024D906EF4}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{CB714EF5-5CC6-4B48-A373-12AC0DD1DAFE}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{BCE37923-4BAE-42D1-9A00-438DEF38A1CF}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{E58D8262-CC5B-4698-A858-2210536B4938}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = 3G Connection Manager
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{715B225A-D37B-4967-BF83-C1A0FCBBE63D}" = Mobile PhoneTools
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"Asus WebStorage" = Asus WebStorage
"Bandoo" = Bandoo
"BearShare" = BearShare
"BearShare 2 MediaBar" = MediaBar
"Eee Docking_is1" = Eee Docking 2.6.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"RegClean Pro_is1" = RegClean Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2012 17:43:03 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
 The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of the "version" attribute
 in the assemblyIdentity element is invalid.

Error - 19.01.2012 17:44:38 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  The dependent assembly
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 21.01.2012 10:30:58 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
 The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of the "version" attribute
 in the assemblyIdentity element is invalid.

Error - 21.01.2012 10:34:02 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  The dependent assembly
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 22.01.2012 06:03:53 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
 The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of the "version" attribute
 in the assemblyIdentity element is invalid.

Error - 22.01.2012 06:07:07 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  The dependent assembly
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 23.01.2012 17:59:01 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,
 time stamp: 0x4eb4a5ea  Faulting module name: Flash10c.ocx, version: 10.0.32.18,
 time stamp: 0x4a613d79  Exception code: 0xc0000005  Fault offset: 0x001579a2  Faulting
 process id: 0xde4  Faulting application start time: 0x01ccd9a07183c8b3  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Report Id:
 74f404ee-460d-11e1-8ae7-001e101f50a4

Error - 24.01.2012 05:46:58 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,
 time stamp: 0x4eb4a5ea  Faulting module name: Flash10c.ocx, version: 10.0.32.18,
 time stamp: 0x4a613d79  Exception code: 0xc0000005  Fault offset: 0x001579a2  Faulting
 process id: 0x1190  Faulting application start time: 0x01ccda6602e94682  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Report Id:
 5b42fb71-4670-11e1-8a16-001e101f7f74

Error - 24.01.2012 05:47:03 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,
 time stamp: 0x4eb4a5ea  Faulting module name: ole32.dll, version: 6.1.7600.16624,
 time stamp: 0x4c297c56  Exception code: 0xc0000005  Fault offset: 0x00095b51  Faulting
 process id: 0x1190  Faulting application start time: 0x01ccda6602e94682  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\windows\system32\ole32.dll  Report Id: 5e28edf3-4670-11e1-8a16-001e101f7f74

Error - 24.01.2012 17:30:31 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,
 time stamp: 0x4eb4a5ea  Faulting module name: Flash10c.ocx, version: 10.0.32.18,
 time stamp: 0x4a613d79  Exception code: 0xc0000005  Fault offset: 0x001579a2  Faulting
 process id: 0x1354  Faulting application start time: 0x01ccda65dc61cb0d  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Report Id:
 a3a3c2bf-46d2-11e1-8a16-001e101f7f74

Error - 24.01.2012 17:30:36 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,
 time stamp: 0x4eb4a5ea  Faulting module name: ole32.dll, version: 6.1.7600.16624,
 time stamp: 0x4c297c56  Exception code: 0xc0000005  Fault offset: 0x00095b51  Faulting
 process id: 0x1354  Faulting application start time: 0x01ccda65dc61cb0d  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\windows\system32\ole32.dll  Report Id: a6bc6cfa-46d2-11e1-8a16-001e101f7f74
 
[ OSession Events ]
Error - 23.01.2013 05:39:37 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 23.01.2013 07:05:34 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068

Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068

Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068

Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068

Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = The "Windows-Verwaltungsinstrumentation" (Windows Management Instrumentation) service terminated
 with the following error:   %%126

Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Sicherheitscenter" (Security Center) service depends on the "Windows-Verwaltungsinstrumentation"
 (Windows Management Instrumentation) service, which failed to start because of the following error:   %%126

Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Sicherheitscenter" (Security Center) service depends on the "Windows-Verwaltungsinstrumentation"
 (Windows Management Instrumentation) service, which failed to start because of the following error:   %%126

Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = The "Windows-Verwaltungsinstrumentation" (Windows Management Instrumentation) service terminated
 with the following error:   %%126

Error - 12.09.2013 06:55:49 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068

Error - 12.09.2013 06:56:32 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = The "Netzwerklistendienst" (Network List Service) service depends on the "NLA (Network Location
 Awareness)" service, which failed to start because of the following error:   %%1068
 
 
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 13:33:00
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0002 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ani\AppData\Local\Temp\uwldrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                        81E7E829 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81EA3132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \FileSystem\fastfat \Fat                                                                         AB219130

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243df175e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0         0x56 0xB7 0x2D 0x0D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a         0xA8 0xED 0xCC 0x99 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b         0xEA 0xB0 0xBD 0x32 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4         0x66 0xBB 0x26 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243df175e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0             0x56 0xB7 0x2D 0x0D ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a             0xA8 0xED 0xCC 0x99 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b             0xEA 0xB0 0xBD 0x32 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4             0x66 0xBB 0x26 0xDE ...

---- EOF - GMER 2.1 ----
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by ani (administrator) on 12-09-2013 13:33:44
Running from C:\Users\ani\Desktop
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1024368 2009-08-22] (Trend Micro Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114552 2011-01-06] (MusicLab, LLC)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-25] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {3b5d73e6-479a-11e2-9d4c-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d6a-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d8f-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {8acdd4ef-eed6-11e0-8a24-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790c7-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790d9-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e3-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e6-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {a2e8b479-f645-11df-b20b-0025d3a3c011} - F:\AutoRun.exe
MountPoints2: {a4c600f1-f7b1-11df-9d2d-90e6baf33f7d} - F:\AutoRun.exe
MountPoints2: {b2a81b65-eeba-11e0-a6d2-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {c561bf37-ef26-11e0-8a3b-90e6baf33f7d} - E:\AutoRun.exe
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: BandooIEPlugin Class - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

========================== Services (Whitelisted) =================

S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-08-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [497008 2009-08-22] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2009-08-22] (Trend Micro Inc.)
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59920 2009-08-22] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-08-22] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50704 2009-08-22] (Trend Micro Inc.)
S3 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-08-22] (Trend Micro Inc.)
S3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36368 2009-08-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-08-22] (Trend Micro Inc.)
S3 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-08-22] (Trend Micro Inc.)
S3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [225808 2009-08-22] (Trend Micro Inc.)
S3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1223832 2009-08-22] (Trend Micro Inc.)
U3 uwldrpow; \??\C:\Users\ani\AppData\Local\Temp\uwldrpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 13:33 - 2013-08-26 21:10 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-12 12:58 - 2013-07-18 22:54 - 00377856 _____ C:\Users\ani\Desktop\gmer_2.1.19163.exe
2013-09-12 12:41 - 2013-09-12 12:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:41 - 2013-07-18 22:49 - 00602112 _____ (OldTimer Tools) C:\Users\ani\Desktop\OTL.exe
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-12 13:33 - 2013-09-12 13:33 - 00000000 ____D C:\FRST
2013-09-12 13:06 - 2010-01-24 00:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 13:06 - 2010-01-22 20:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 13:06 - 2009-09-15 20:13 - 00000000 ____D C:\windows\panther
2013-09-12 13:03 - 2011-11-20 11:43 - 00000000 ____D C:\windows\Minidump
2013-09-12 12:59 - 2013-09-12 12:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:37 - 2012-06-27 19:04 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 12:36 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-26 21:10 - 2013-09-12 13:33 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:26 - 2012-11-08 19:10 - 00001414 _____ C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
2013-08-16 17:24 - 2012-06-27 19:04 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 17:23 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-16 16:20

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-08-2013
Ran by ani at 2013-09-12 13:35:10
Running from C:\Users\ani\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
3G Connection Manager (Version: 2.00)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Advanced System Protector (Version: 2.1.1000.9972)
ASUS VIBE (Version: 1.0.166)
Asus WebStorage (Version: 2.0.31.477)
ASUSUpdate for Eee PC
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
Bandoo
BearShare (Version: 9.0.0.98413)
Bing Bar (Version: 7.1.391.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
E-Cam (Version: 2.0.1.7)
Eee Docking 2.6.0 (Version: 2.6.0)
EeeSplendid (Version: 5.1.2.0004)
FontResizer (Version: 1.01.0007)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Hotkey Service (Version: 1.11)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
MediaBar (Version: 2.5.0.98385)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 16.001.06.03.52)
Mobile PhoneTools (Version: 3.55)
MSVCRT (Version: 14.0.1468.721)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5898)
RegClean Pro (Version: 6.21)
Super Hybrid Engine (Version: 2.09)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Trend Micro Internet Security (Version: 17.50)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {179B024B-098E-44D8-80E0-7BFE061DF324} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {1865F8D6-928F-4AB4-8301-DB342545E01F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {6A2E9BCD-93DD-4F5A-AEC2-3729B7D67213} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {6D2FFD4C-39D9-477C-A8B2-24864CF899A7} - System32\Tasks\User_Feed_Synchronization-{E05BD53F-55BE-4FD5-AB3E-AAF284007120} => C:\windows\system32\msfeedssync.exe [2012-02-20] (Microsoft Corporation)
Task: {88CFFC87-85BD-4B7F-B7C2-5C14A1BC2B40} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2012-09-24] (Systweak)
Task: {97230E64-397F-4971-B494-02D86A01FBA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4007594265-3339371781-3975660076-1000
Task: {AE35E485-344D-4A17-851F-990A61509E26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {C24E52BC-FA34-49F1-9F1E-9EF4D983C6B0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30] (Adobe Systems Incorporated)
Task: {DC25468F-731E-4F06-97C8-05537168A469} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {F604F448-3400-4924-8018-4A768FC8A265} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description: 

Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description: 

Error: (09/12/2013 00:53:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/12/2013 00:38:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Name des fehlerhaften Moduls: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011f42
ID des fehlerhaften Prozesses: 0xb74
Startzeit der fehlerhaften Anwendung: 0xSuperHybridEngine.exe0
Pfad der fehlerhaften Anwendung: SuperHybridEngine.exe1
Pfad des fehlerhaften Moduls: SuperHybridEngine.exe2
Berichtskennung: SuperHybridEngine.exe3

Error: (09/12/2013 00:38:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:45:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xf84
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x15f8
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:43:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x1088
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:42:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xa30
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:41:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3


System errors:
=============
Error: (09/12/2013 01:35:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 01:35:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:35:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 01:34:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:34:14 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/12/2013 01:33:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 00:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 00:56:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/02/2013 07:15:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 544051 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (01/23/2013 01:05:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (01/23/2013 11:39:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461 seconds with 720 seconds of active time.  This session ended with a crash.
         

 
