| |
| |||||||
Log-Analyse und Auswertung: Bundeskriminalamt VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.03.2014, 21:27
| #1 |
 |  Bundeskriminalamt Virus Hallo zusammen, da mein Computer (Windows 7 Home Premium) nun seit geschätzt knapp einem halben Jahr in der Ecke gestanden hat (Tablet sei Dank), muss dieser zwecks Masterthesis nun endlich wieder funktionieren. Habe soeben mittels OTLpe ein Logfile erstellt und möchte euch bitten, die Lösung wenn irgendwie möglich mittels diesem Programm zu erklären - es ist für mich wissenstechnisch und zeitlich schwer, eine neue CD etc. zu erstellen. Vielen Dank im Voraus dafür!  Zum Virus, es gibt ja mehrere Versionen: Ein abgesicherter Modus oder Eingabeaufforderung ist nicht möglich - in jedem Fall ist nach einiger Zeit das bekannte Bild sichtbar. Vielen Dank vorab! Schöne Grüße, Bulli OTL.txt Code:
ATTFilter OTL logfile created on: 3/10/2014 10:50:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 14.65 Gb Total Space | 8.76 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
Drive D: | 221.52 Gb Total Space | 147.84 Gb Free Space | 66.74% Space Free | Partition Type: NTFS
Drive E: | 229.56 Gb Total Space | 24.90 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/19 16:40:41 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/21 21:01:12 | 000,202,752 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- E:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto] -- E:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- E:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/08 15:24:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/29 23:47:40 | 000,248,704 | ---- | M] () [Auto] -- E:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/08 07:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/07 08:26:36 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/19 16:37:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/14 10:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- E:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/22 16:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto] -- E:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Auto] -- E:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 11:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled] -- E:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 11:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 11:58:46 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto] -- E:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- E:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 23:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Auto] -- E:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/03 05:36:52 | 000,055,776 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/07/09 07:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/23 13:45:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/06/09 19:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 09:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 09:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 09:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 09:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/21 21:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/21 20:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/29 21:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/22 21:51:06 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/09 04:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/08/28 07:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/11 17:06:54] [Kernel | Auto] -- E:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/08/14 01:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- E:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/07/24 10:05:00 | 000,005,632 | ---- | M] () [File_System | System] -- E:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Goelli_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\Goelli_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Goelli_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Goelli_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKU\Goelli_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Goelli_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Goelli_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: E:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: E:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: E:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/13 14:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/13 14:31:03 | 000,000,000 | ---D | M]
[2011/05/30 12:13:35 | 000,002,048 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O1 HOSTS File: ([2010/06/19 17:10:04 | 000,000,857 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - E:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - E:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\Goelli_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Goelli_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Goelli_ON_E\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Goelli_ON_E..\Run: [18jVTleG.exe] E:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe (Microsoft Corporation)
O4 - HKU\Goelli_ON_E..\Run: [swg] E:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] E:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] E:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] E:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] File not found
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.183.128.35 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Goelli_ON_E Winlogon: Shell - (cmd.exe) - E:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - E:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - E:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - E:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2012/12/28 08:35:00 | 000,000,000 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/10/10 11:20:46 | 000,461,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\scavengeui.dll
[2013/09/16 14:54:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/09/16 14:54:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2013/09/16 14:54:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2013/09/16 14:54:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesysprep.dll
[2013/09/16 14:54:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/16 14:54:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/16 14:54:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2013/09/16 14:54:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2013/09/16 14:54:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2013/09/16 14:54:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2013/09/16 14:54:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2013/09/16 14:54:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/09/16 14:54:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2013/09/16 14:54:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/09/16 14:54:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/09/16 14:54:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript.dll
[2013/09/16 14:54:05 | 002,876,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2013/09/13 04:33:37 | 000,155,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\ataport.sys
[2013/09/13 04:33:36 | 005,550,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/09/13 04:33:36 | 003,968,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/13 04:33:36 | 003,913,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntoskrnl.exe
[2013/09/13 04:33:36 | 001,732,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntdll.dll
[2013/09/13 04:33:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\kernel32.dll
[2013/09/13 04:33:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\KernelBase.dll
[2013/09/13 04:33:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64win.dll
[2013/09/13 04:33:35 | 000,338,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/09/13 04:33:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64.dll
[2013/09/13 04:33:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/09/13 04:33:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\smss.exe
[2013/09/13 04:33:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\csrsrv.dll
[2013/09/13 04:33:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\setup16.exe
[2013/09/13 04:33:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntvdm64.dll
[2013/09/13 04:33:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntvdm64.dll
[2013/09/13 04:33:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wow64cpu.dll
[2013/09/13 04:33:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\instnm.exe
[2013/09/13 04:33:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\apisetschema.dll
[2013/09/13 04:33:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\apisetschema.dll
[2013/09/13 04:33:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 04:33:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 04:33:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 04:33:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 04:33:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\wow32.dll
[2013/09/13 04:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 04:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/13 04:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/13 04:33:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\user.exe
[2013/09/13 04:33:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\shdocvw.dll
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\Goelli\AppData\Roaming\*.tmp files -> E:\Users\Goelli\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/22 17:17:12 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/10/22 17:15:51 | 3161,878,528 | -HS- | M] () -- E:\hiberfil.sys
[2013/10/22 17:13:52 | 001,498,742 | ---- | M] () -- E:\Windows\System32\PerfStringBackup.INI
[2013/10/22 17:13:52 | 000,654,150 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/10/22 17:13:52 | 000,616,032 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/10/22 17:13:52 | 000,130,022 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/10/22 17:13:52 | 000,106,412 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/10/22 17:01:39 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/22 17:00:50 | 000,000,006 | -H-- | M] () -- E:\Windows\tasks\SA.DAT
[2013/10/22 16:53:17 | 279,515,932 | ---- | M] () -- E:\Windows\MEMORY.DMP
[2013/10/22 16:24:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/22 16:17:10 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/22 14:54:34 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/22 14:54:34 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 11:29:11 | 000,256,512 | ---- | M] () -- E:\ProgramData\KLEddQHax
[2013/10/10 11:29:11 | 000,256,512 | ---- | M] () -- E:\Users\Goelli\AppData\Local\iHkgyX20hPs
[2013/10/10 11:29:11 | 000,256,512 | ---- | M] () -- E:\Users\Goelli\AppData\Roaming\htgggvL9L
[2013/10/08 15:24:46 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 15:24:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/17 18:07:26 | 004,535,635 | -H-- | M] () -- E:\Users\Goelli\AppData\Local\IconCache.db
[2013/09/17 13:14:19 | 003,064,656 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Users\Goelli\AppData\Roaming\*.tmp files -> E:\Users\Goelli\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\ProgramData\KLEddQHax
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\Users\Goelli\AppData\Local\iHkgyX20hPs
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\Users\Goelli\AppData\Roaming\htgggvL9L
[2013/03/18 17:10:42 | 004,535,635 | -H-- | C] () -- E:\Users\Goelli\AppData\Local\IconCache.db
[2013/03/18 16:17:44 | 000,153,285 | ---- | C] () -- E:\Users\Goelli\AppData\Local\b02c5ad2-0c0c-41c4-9f5e-ec9871005ac2
[2013/03/18 16:17:37 | 000,135,168 | ---- | C] () -- E:\Users\Goelli\AppData\Local\build.exe
[2012/12/08 15:24:45 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2012/06/10 16:46:33 | 000,000,034 | ---- | C] () -- E:\Users\Goelli\AppData\Roaming\blckdom.res
[2012/05/30 13:26:14 | 000,000,388 | ---- | C] () -- E:\Users\Goelli\AppData\Roaming\urhtps.dat
[2012/04/10 14:27:36 | 012,390,576 | ---- | C] () -- E:\Users\Goelli\AppData\Local\rx_image32.Cache
[2012/04/10 14:27:36 | 000,263,500 | ---- | C] () -- E:\Users\Goelli\AppData\Local\rx_audio.Cache
[2011/09/30 15:43:08 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt
[2011/09/30 15:38:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys
[2011/05/26 12:15:28 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/06 07:01:42 | 000,007,168 | ---- | C] () -- E:\Users\Goelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:06:49 | 000,000,056 | -H-- | C] () -- E:\ProgramData\ezsidmv.dat
[2010/06/18 09:59:44 | 000,126,264 | ---- | C] () -- E:\Users\Goelli\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/11 18:08:56 | 000,000,074 | RHS- | C] () -- E:\Windows\CT4CET.bin
[2010/06/11 10:42:12 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2010/05/04 06:32:15 | 000,001,035 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2010/02/22 16:25:56 | 000,089,416 | ---- | C] () -- E:\Windows\SysWow64\FAIEExtension.dll
[2010/02/22 16:25:12 | 000,059,208 | ---- | C] () -- E:\Windows\SysWow64\FAib.dll
[2010/02/22 16:24:10 | 000,247,624 | ---- | C] () -- E:\Windows\SysWow64\FACrashRpt.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- E:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- E:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- E:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- E:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- E:\Windows\msdfmap.ini
[2009/07/13 22:34:57 | 000,000,478 | ---- | C] () -- E:\Windows\win.ini
[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- E:\Windows\system.ini
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2012/10/01 13:59:05 | 000,000,000 | ---D | M] -- E:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010/06/18 09:58:46 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2010/09/28 12:57:50 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2012/01/31 13:42:13 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJ
[2010/10/30 03:54:05 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJEPPEX
[2010/10/30 03:49:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/07/27 08:01:20 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2010/11/09 13:37:14 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJScan
[2012/06/23 13:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2010/06/18 09:58:46 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/07/03 12:13:46 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Core
[2011/03/30 13:15:53 | 000,000,000 | ---D | M] -- E:\ProgramData\Ebner
[2011/07/03 12:13:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2012/12/29 06:00:55 | 000,000,000 | ---D | M] -- E:\ProgramData\FA7DD8751F5A0F880000FA7CDDFE155C
[2010/06/18 09:58:46 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/12/25 06:29:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Nokia
[2010/12/13 14:29:13 | 000,000,000 | ---D | M] -- E:\ProgramData\NokiaInstallerCache
[2010/12/19 06:18:54 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Suite
[2010/06/11 18:06:19 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2012/06/24 03:39:39 | 000,000,000 | ---D | M] -- E:\ProgramData\Rockstar Games
[2013/08/05 11:37:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Sonos,_Inc
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/06/18 09:58:46 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2010/06/11 18:06:21 | 000,000,000 | ---D | M] -- E:\ProgramData\SupportSoft
[2013/07/30 11:21:15 | 000,000,000 | ---D | M] -- E:\ProgramData\Synology
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/06/11 18:03:44 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2010/06/18 09:58:46 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2011/11/20 06:16:17 | 000,000,000 | ---D | M] -- E:\ProgramData\WindSolutions
[2011/09/23 09:59:39 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/11 18:14:25 | 000,000,000 | -H-D | M] -- E:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}
[2013/05/20 12:32:49 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> E:\Users\Goelli\Desktop\liebesgschichten_und_heiratssachen.mp3:Roxio EMC Stream
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 3/10/2014 10:50:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 14.65 Gb Total Space | 8.76 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
Drive D: | 221.52 Gb Total Space | 147.84 Gb Free Space | 66.74% Space Free | Partition Type: NTFS
Drive E: | 229.56 Gb Total Space | 24.90 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D2B0ED-413E-49C0-B1DA-4ED2724B1EE4}" = FastAccess
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DesktopIconAmazon" = Desktop Icon für Amazon
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D2B0ED-413E-49C0-B1DA-4ED2724B1EE4}" = FastAccess
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DesktopIconAmazon" = Desktop Icon für Amazon
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Goelli_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"JNLP" = JNLP
"Winamp Detect" = Winamp Anwendungserkennung
< End of report >
|
|
10.03.2014, 23:30
| #2 |
  | Bundeskriminalamt Virus Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Ich bedanke mich für deine Geduld |
|
11.03.2014, 00:28
| #3 |
| | Bundeskriminalamt Virus Schritt 1
__________________
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] File not found
O20 - HKU\Goelli_ON_E Winlogon: Shell - (cmd.exe) - E:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\Goelli_ON_E..\Run: [18jVTleG.exe] E:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe (Microsoft Corporation)
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\ProgramData\KLEddQHax
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\Users\Goelli\AppData\Local\iHkgyX20hPs
[2013/10/10 11:29:22 | 000,256,512 | ---- | C] () -- E:\Users\Goelli\AppData\Roaming\htgggvL9L
[2012/12/08 15:24:45 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
:files
E:\Users\Goelli\AppData\Local\K6Z8UZVNN
Starte nach diesem Fix bitte deinen Rechner im normalen Modus neu. Wenn er wieder funktioniert, mache bitte mit Schritt 2 weiter. Schritt 2 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
11.03.2014, 17:45
| #4 |
| | Bundeskriminalamt Virus Hallo, vielen Dank erstmal. Soweit funktioniert alles. OTLpe TimeDateLog: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_USERS\Goelli_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.
E:\Windows\SysWOW64\cmd.exe moved successfully.
Registry key HKEY_USERS\Goelli_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe moved successfully.
E:\ProgramData\KLEddQHax moved successfully.
E:\Users\Goelli\AppData\Local\iHkgyX20hPs moved successfully.
E:\Users\Goelli\AppData\Roaming\htgggvL9L moved successfully.
E:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== FILES ==========
E:\Users\Goelli\AppData\Local\K6Z8UZVNN folder moved successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 03112014_144444
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Goelli (administrator) on GOELLI-PC on 11-03-2014 18:44:58
Running from C:\Users\Goelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YB1AN57
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Sensible Vision ) c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Dropbox, Inc.) C:\Users\Goelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3181136 2009-09-07] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [FATrayAlert] - c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] - [X]
HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161736 2010-02-11] ()
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-04] (Google Inc.)
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Run: [18jVTleG.exe] - "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe"
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-10-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell]
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Command Processor: "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe" <===== ATTENTION!
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Goelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {A5EC1E3D-3534-4D58-8A0E-7F3919FF6BEC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MXGB_deAT513
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {A5EC1E3D-3534-4D58-8A0E-7F3919FF6BEC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MXGB_deAT513
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 10.10.40.21 10.10.40.22
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Gmail) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-04]
==================== Services (Whitelisted) =================
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-23] (DT Soft Ltd)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-11 18:44 - 2014-03-11 18:44 - 00000000 ____D () C:\FRST
2014-03-11 03:55 - 2014-03-11 03:55 - 00123348 _____ () C:\OTL.Txt
2014-03-11 03:55 - 2014-03-11 03:55 - 00033520 _____ () C:\Extras.Txt
==================== One Month Modified Files and Folders =======
2014-03-11 18:44 - 2014-03-11 18:44 - 00000000 ____D () C:\FRST
2014-03-11 18:43 - 2009-07-14 18:58 - 00668942 _____ () C:\Windows\system32\perfh007.dat
2014-03-11 18:43 - 2009-07-14 18:58 - 00134758 _____ () C:\Windows\system32\perfc007.dat
2014-03-11 18:43 - 2009-07-14 06:13 - 01526786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 18:43 - 2009-07-14 06:10 - 01360970 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 18:41 - 2013-03-06 18:36 - 00001025 _____ () C:\Users\Goelli\Desktop\Dropbox.lnk
2014-03-11 18:41 - 2013-03-06 18:36 - 00000000 ___RD () C:\Users\Goelli\Dropbox
2014-03-11 18:41 - 2013-03-06 18:35 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-11 18:41 - 2013-03-06 18:33 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Dropbox
2014-03-11 18:41 - 2010-06-18 14:59 - 00000000 ___RD () C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 18:39 - 2012-12-04 18:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 18:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 18:38 - 2009-07-14 05:51 - 00216970 _____ () C:\Windows\setupact.log
2014-03-11 14:58 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 14:58 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 14:55 - 2010-06-18 14:59 - 00000000 ____D () C:\Users\Goelli
2014-03-11 14:51 - 2009-07-14 05:45 - 03064656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 03:55 - 2014-03-11 03:55 - 00123348 _____ () C:\OTL.Txt
2014-03-11 03:55 - 2014-03-11 03:55 - 00033520 _____ () C:\Extras.Txt
2014-03-10 18:54 - 2010-06-23 19:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
Some content of TEMP:
====================
C:\Users\Goelli\AppData\Local\Temp\AskSLib.dll
C:\Users\Goelli\AppData\Local\Temp\htmlayout.dll
C:\Users\Goelli\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.dll
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.exe
C:\Users\Goelli\AppData\Local\Temp\SHSetup.exe
C:\Users\Goelli\AppData\Local\Temp\uninstall60245105.exe
C:\Users\Goelli\AppData\Local\Temp\vkzq7jftzd7agwjo.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-22 20:24
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Goelli at 2014-03-11 18:45:23
Running from C:\Users\Goelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YB1AN57
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0122.0857 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version: - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.92 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EMCGadgets64 (Version: 1.1.501 - Ihr Firmenname) Hidden
FastAccess (HKLM\...\{98D2B0ED-413E-49C0-B1DA-4ED2724B1EE4}) (Version: 2.4.91.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 30.0.1599.69 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JNLP (HKCU\...\JNLP) (Version: - JNLP)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mp3tag v2.51 (HKLM-x32\...\Mp3tag) (Version: v2.51 - Florian Heidenreich)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 2.2.1.23 - Nokia)
Nokia Ovi Suite (x32 Version: 2.2.1.23 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM-x32\...\{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}) (Version: 02.05.008.43342 - Nokia Corporation)
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
Ovi Desktop Sync Engine (x32 Version: 1.4.92.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.6.221.2 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Premier (HKLM-x32\...\{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}) (Version: 10.3 - Roxio)
Roxio Creator Premier (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Premier 10 (x32 Version: 10.2.345 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
SDP Downloader (HKLM-x32\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Skins (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 22.0.64240 - Sonos, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{11C9B057-27FF-4BC1-82F6-DC4B15E70A2E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 1.1.0 (HKLM-x32\...\VLC media player) (Version: 1.1.0 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zotero Standalone 4.0.8 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.8 (x86 en-US)) (Version: 4.0.8 - Zotero)
==================== Restore Points =========================
25-09-2013 18:57:33 Windows Update
03-10-2013 17:03:33 Windows Update
10-10-2013 15:09:15 Windows Update
22-10-2013 18:51:27 Windows Update
10-03-2014 17:51:56 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2010-06-19 22:10 - 00000857 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {187DA461-1F07-4C1A-9404-D776037DF92C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {19D2550F-62A9-49F2-B381-C01501ADF699} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {4ACF408C-2327-4FA2-8A5F-1D50B720ED45} - System32\Tasks\D7RDT9M1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {AE02ABB1-2C95-40F0-BDAF-64FE491454ED} - System32\Tasks\{4D5E5831-C7CB-425B-8F21-375BFA3A8336} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.320/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {B5E2F4A5-E8C9-441D-835F-DBE825DE3830} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {C237C2C6-6174-43FD-992D-259DAC8EC4C9} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {FA5EBA90-0398-4AAD-9FB0-37C15AF1866A} - System32\Tasks\{D28DF682-0CB1-4B66-9816-37BEC676C95C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-06-11 22:50 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-11 22:50 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-10-30 08:41 - 2008-01-22 09:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-30 04:47 - 2013-04-30 04:47 - 00248704 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2010-06-11 23:04 - 2010-02-11 17:56 - 00415040 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2010-01-14 20:40 - 2010-01-14 20:40 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-11 22:53 - 2010-06-11 22:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-22 21:25 - 2010-02-22 21:25 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-11 23:03 - 2010-02-17 22:36 - 00116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-11 23:03 - 2010-02-11 17:52 - 01123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-11 23:04 - 2010-02-11 17:53 - 00121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Goelli\AppData\Roaming\Dropbox\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Goelli\Desktop\liebesgschichten_und_heiratssachen.mp3:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Goelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Goelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^p0j99p.exe.lnk => C:\Windows\pss\p0j99p.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Goelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FATrayAlert => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: Feavmibyy => C:\Users\Goelli\AppData\Roaming\Afwoxi\reeni.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: p5bgCJe7k => C:\Users\Goelli\AppData\Local\build.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Userinit => C:\Users\Goelli\AppData\Roaming\appconf32.exe
==================== Faulty Device Manager Devices =============
Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/10/2014 06:49:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "17554". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (03/10/2014 06:49:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "17554". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (03/10/2014 06:49:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (03/10/2014 06:49:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "17554". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (03/10/2014 06:49:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "17554". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (10/22/2013 09:53:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
.
Error: (10/22/2013 08:43:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (10/22/2013 08:04:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7989b
Name des fehlerhaften Moduls: wcp.dll, Version: 6.1.7601.17592, Zeitstempel: 0x4da00342
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000114629
ID des fehlerhaften Prozesses: 0x53c
Startzeit der fehlerhaften Anwendung: 0xTrustedInstaller.exe0
Pfad der fehlerhaften Anwendung: TrustedInstaller.exe1
Pfad des fehlerhaften Moduls: TrustedInstaller.exe2
Berichtskennung: TrustedInstaller.exe3
Error: (10/22/2013 08:02:02 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2858302v2" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2858302v2_20131022_210033282-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.
Error: (10/22/2013 08:01:46 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile -- Fehler 25003. Error occurred while initializing fusion.
System errors:
=============
Error: (03/11/2014 06:38:12 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (03/11/2014 06:37:39 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (03/11/2014 02:56:09 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (03/11/2014 02:52:03 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (03/11/2014 02:50:46 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (03/11/2014 02:49:27 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (03/11/2014 02:49:02 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 10.03.2014 um 18:59:09 unerwartet heruntergefahren.
Error: (03/11/2014 02:48:48 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (03/10/2014 06:52:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2858302)
Error: (03/10/2014 06:52:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2836939)
Microsoft Office Sessions:
=========================
Error: (12/30/2012 03:49:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 596 seconds with 540 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 4020.54 MB
Available physical RAM: 1901.68 MB
Total Pagefile: 8039.26 MB
Available Pagefile: 5629.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:229.56 GB) (Free:24.47 GB) NTFS
Drive e: (Daten) (Fixed) (Total:221.52 GB) (Free:147.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 0FF34E2B)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
11.03.2014, 19:09
| #5 |
| | Bundeskriminalamt Virus Schritt 1 Klicke bitte auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Hier kannst du nun folgende Programm deinstallieren.
Schritt 2 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Run: [18jVTleG.exe] - "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe"
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell]
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Command Processor: "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe" <===== ATTENTION!
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.dll
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.exe
C:\Users\Goelli\AppData\Local\Temp\vkzq7jftzd7agwjo.exe
%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\p0j99p.exe.lnk
C:\Windows\pss\p0j99p.exe.lnk.Startup
%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\Windows\pss\runctf.lnk.Startup
C:\Users\Goelli\AppData\Roaming\Afwoxi
C:\Users\Goelli\AppData\Local\build.exe
C:\Users\Goelli\AppData\Roaming\appconf32.exe
C:\Program Files\Enigma Software Group
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 ESET Online Scanner
Schritt 5 Starte noch einmal FRST.
|
|
11.03.2014, 22:50
| #6 |
| | Bundeskriminalamt Virus Alles klar. Danke. Anbei die Logs: Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Goelli at 2014-03-11 20:38:32 Run:1
Running from C:\Users\Goelli\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Run: [18jVTleG.exe] - "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe"
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell]
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Command Processor: "C:\Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe" <===== ATTENTION!
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.dll
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.exe
C:\Users\Goelli\AppData\Local\Temp\vkzq7jftzd7agwjo.exe
%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\p0j99p.exe.lnk
C:\Windows\pss\p0j99p.exe.lnk.Startup
%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\Windows\pss\runctf.lnk.Startup
C:\Users\Goelli\AppData\Roaming\Afwoxi
C:\Users\Goelli\AppData\Local\build.exe
C:\Users\Goelli\AppData\Roaming\appconf32.exe
C:\Program Files\Enigma Software Group
*****************
HKU\S-1-5-21-686631655-714417280-4237890275-1001\Software\Microsoft\Windows\CurrentVersion\Run\\18jVTleG.exe => Value deleted successfully.
HKU\S-1-5-21-686631655-714417280-4237890275-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-21-686631655-714417280-4237890275-1001\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key deleted successfully.
HKCR\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key not found.
esgiguard => Service deleted successfully.
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.dll => Moved successfully.
C:\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.exe => Moved successfully.
C:\Users\Goelli\AppData\Local\Temp\vkzq7jftzd7agwjo.exe => Moved successfully.
C:\Windows\pss\p0j99p.exe.lnk.Startup => Moved successfully.
C:\Windows\pss\runctf.lnk.Startup => Moved successfully.
C:\Users\Goelli\AppData\Roaming\Afwoxi => Moved successfully.
C:\Users\Goelli\AppData\Local\build.exe => Moved successfully.
"C:\Users\Goelli\AppData\Roaming\appconf32.exe" => File/Directory not found.
C:\Program Files\Enigma Software Group => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.11.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Goelli :: GOELLI-PC [Administrator] 11.03.2014 20:41:30 mbam-log-2014-03-11 (20-41-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221092 Laufzeit: 7 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 78 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Goelli\Downloads\DTLite4454-0314 (1).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5c7f2e6b8b704a4aa1c79cd1dd409cae
# engine=17403
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-11 09:40:38
# local_time=2014-03-11 10:40:38 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 10103 1252774 10564 0
# compatibility_mode=5893 16776574 100 94 13156174 146203888 0 0
# scanned=312050
# found=7
# cleaned=0
# scan_time=5421
sh=16ED15F2291297DAAA1B1326B31FEC58D9BD4473 ft=1 fh=7882b26821d0f75a vn="a variant of Win32/Kryptik.AXBM trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Goelli\AppData\Local\build.exe.xBAD"
sh=5CBF940AA024D5CDE09BC172427CD96210DC9548 ft=1 fh=9b3a3c8a088928e7 vn="Win32/LockScreen.AZN trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.dll.xBAD"
sh=36089490077EF9BAFD8B788AFFE6C8D16973D16B ft=1 fh=9b3a3c8ae81abe26 vn="Win32/LockScreen.AZN trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Goelli\AppData\Local\Temp\pqemdaagmktcgyhchbx.exe.xBAD"
sh=5AB34F30B1A6337C062235D7BB9F86C5247394A2 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\pss\runctf.lnk.Startup.xBAD"
sh=36089490077EF9BAFD8B788AFFE6C8D16973D16B ft=1 fh=9b3a3c8ae81abe26 vn="Win32/LockScreen.AZN trojan" ac=I fn="C:\Users\Goelli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\265c7f6a-54170b8e"
sh=5CBF940AA024D5CDE09BC172427CD96210DC9548 ft=1 fh=9b3a3c8a088928e7 vn="Win32/LockScreen.AZN trojan" ac=I fn="C:\_OTL\MovedFiles\03112014_144444\E_Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.dll"
sh=36089490077EF9BAFD8B788AFFE6C8D16973D16B ft=1 fh=9b3a3c8ae81abe26 vn="Win32/LockScreen.AZN trojan" ac=I fn="C:\_OTL\MovedFiles\03112014_144444\E_Users\Goelli\AppData\Local\K6Z8UZVNN\18jVTleG.exe"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014 Ran by Goelli (administrator) on GOELLI-PC on 11-03-2014 22:47:35 Running from C:\Users\Goelli\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Sensible Vision ) c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (AMD) C:\Windows\system32\atieclxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Dropbox, Inc.) C:\Users\Goelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3181136 2009-09-07] (Dell Inc.) HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [FATrayAlert] - c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision ) HKLM-x32\...\Run: [FAStartup] - [X] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161736 2010-02-11] () HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation) HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-04] (Google Inc.) HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell] Lsa: [Notification Packages] scecli FAPassSync Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Goelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/ SearchScopes: HKCU - DefaultScope {A5EC1E3D-3534-4D58-8A0E-7F3919FF6BEC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MXGB_deAT513 SearchScopes: HKCU - {A5EC1E3D-3534-4D58-8A0E-7F3919FF6BEC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MXGB_deAT513 BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (YouTube) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11] CHR Extension: (Avira Sparberater) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-11] CHR Extension: (Google-Suche) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11] CHR Extension: (Google Wallet) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11] CHR Extension: (Google Mail) - C:\Users\Goelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-04] CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11] ==================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-23] (DT Soft Ltd) S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia) S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia) R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-11 22:47 - 2014-03-11 22:47 - 00014589 _____ () C:\Users\Goelli\Desktop\FRST.txt 2014-03-11 21:25 - 2014-03-11 22:25 - 17879432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-11 21:05 - 2014-03-11 21:05 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-11 20:40 - 2014-03-11 20:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Malwarebytes 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-11 20:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-11 20:38 - 2014-03-11 20:38 - 02157056 _____ (Farbar) C:\Users\Goelli\Desktop\FRST64.exe 2014-03-11 18:44 - 2014-03-11 22:47 - 00000000 ____D () C:\FRST 2014-03-11 18:37 - 2014-03-11 18:37 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU 2014-03-11 18:36 - 2014-03-11 18:36 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Avira 2014-03-11 18:33 - 2014-03-11 18:39 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-11 18:33 - 2014-03-11 18:37 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 18:33 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-11 18:33 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-11 18:33 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-11 18:30 - 2014-03-11 18:32 - 138607664 _____ () C:\Users\Goelli\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-03-11 03:55 - 2014-03-11 03:55 - 00123348 _____ () C:\OTL.Txt 2014-03-11 03:55 - 2014-03-11 03:55 - 00033520 _____ () C:\Extras.Txt ==================== One Month Modified Files and Folders ======= 2014-03-11 22:47 - 2014-03-11 22:47 - 00014589 _____ () C:\Users\Goelli\Desktop\FRST.txt 2014-03-11 22:47 - 2014-03-11 18:44 - 00000000 ____D () C:\FRST 2014-03-11 22:25 - 2014-03-11 21:25 - 17879432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-11 22:25 - 2012-06-23 21:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 22:25 - 2012-06-23 21:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 22:25 - 2012-06-23 21:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-11 22:25 - 2011-08-03 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 21:49 - 2012-12-04 18:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-11 21:47 - 2009-07-14 06:10 - 01532031 _____ () C:\Windows\WindowsUpdate.log 2014-03-11 21:05 - 2014-03-11 21:05 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-11 20:40 - 2014-03-11 20:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Malwarebytes 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 20:40 - 2014-03-11 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-11 20:39 - 2013-03-06 18:36 - 00000000 ___RD () C:\Users\Goelli\Dropbox 2014-03-11 20:39 - 2013-03-06 18:33 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Dropbox 2014-03-11 20:38 - 2014-03-11 20:38 - 02157056 _____ (Farbar) C:\Users\Goelli\Desktop\FRST64.exe 2014-03-11 20:38 - 2010-06-20 15:13 - 00000000 ____D () C:\Windows\pss 2014-03-11 20:00 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-11 20:00 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-11 19:57 - 2009-07-14 18:58 - 00668942 _____ () C:\Windows\system32\perfh007.dat 2014-03-11 19:57 - 2009-07-14 18:58 - 00134758 _____ () C:\Windows\system32\perfc007.dat 2014-03-11 19:57 - 2009-07-14 06:13 - 01526786 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-11 19:53 - 2012-12-04 18:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-11 19:52 - 2010-06-11 15:39 - 00330680 _____ () C:\Windows\PFRO.log 2014-03-11 19:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-11 19:52 - 2009-07-14 05:51 - 00217026 _____ () C:\Windows\setupact.log 2014-03-11 18:41 - 2013-03-06 18:36 - 00001025 _____ () C:\Users\Goelli\Desktop\Dropbox.lnk 2014-03-11 18:41 - 2013-03-06 18:35 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-03-11 18:41 - 2010-06-18 14:59 - 00000000 ___RD () C:\Users\Goelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-11 18:39 - 2014-03-11 18:33 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-11 18:38 - 2013-06-25 20:26 - 00000000 ____D () C:\Users\Goelli\Downloads\ftv 2014-03-11 18:37 - 2014-03-11 18:37 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU 2014-03-11 18:37 - 2014-03-11 18:33 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-11 18:36 - 2014-03-11 18:36 - 00000000 ____D () C:\Users\Goelli\AppData\Roaming\Avira 2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 18:32 - 2014-03-11 18:30 - 138607664 _____ () C:\Users\Goelli\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-03-11 17:58 - 2011-04-02 15:50 - 00034787 _____ () C:\Users\Goelli\Desktop\Wohnung.xlsx 2014-03-11 17:44 - 2012-12-04 18:46 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-11 17:44 - 2012-12-04 18:46 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-11 14:55 - 2010-06-18 14:59 - 00000000 ____D () C:\Users\Goelli 2014-03-11 14:51 - 2009-07-14 05:45 - 03064656 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 03:55 - 2014-03-11 03:55 - 00123348 _____ () C:\OTL.Txt 2014-03-11 03:55 - 2014-03-11 03:55 - 00033520 _____ () C:\Extras.Txt 2014-03-10 18:54 - 2010-06-23 19:28 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-25 11:41 - 2014-03-11 18:33 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-25 11:41 - 2014-03-11 18:33 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-25 11:41 - 2014-03-11 18:33 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys Some content of TEMP: ==================== C:\Users\Goelli\AppData\Local\Temp\AskSLib.dll C:\Users\Goelli\AppData\Local\Temp\avgnt.exe C:\Users\Goelli\AppData\Local\Temp\htmlayout.dll C:\Users\Goelli\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe C:\Users\Goelli\AppData\Local\Temp\SHSetup.exe C:\Users\Goelli\AppData\Local\Temp\uninstall60245105.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-11 20:20 ==================== End Of Log ============================ |
|
12.03.2014, 10:08
| #7 |
| | Bundeskriminalamt Virus Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell]
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Bitte lade dir von Microsoft die neuste Version des Internet Explorers runter: Laden Sie Internet Explorer herunte Klicke nun auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java- und Flash-Versionen.
Öffne bitte mit beiden Browsern Adobe - Adobe Flash Player installieren installieren und lade dir die neueste Version herunter. Entferne beim installieren den Haken bei McAfee Security Plus. Ich sehe in deinen Logs nichts gefährliches mehr. Cleanup Die Reihenfolge ist hier entscheidend.
Tipps  Welches Antiviren-Programm soll ich nehmen?Es gibt kein Antiviren-Programm, dass alle schädlinge findet. Du kannst dich nicht 100%-ig auf das Programm verlassen, es hängt immernoch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.
Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte ausserdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.
Du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.
Für Firefox würde ich dir empfehlen das Addon NoScript herunterzuladen. Dieses kostenlose Addon blockiert JavaScript, Java und Flash. Sie werden nur ausgeführt, wenn du es erlaubst. Ich empfehle dir auch das Addon WoT (Web of Trust) zu installieren. Es warnt dich davor eine als gefährlich bewertete Seit zu betreten. Was sollte ich vor dem Runterladen beachten?
Sonstige Tipps
Wenn du das Trojaner-Board untersützten willst, kannst du gerne Spenden. Ich wünsche dir noch eine schöne Zeit. |
|
12.03.2014, 17:48
| #8 |
| | Bundeskriminalamt Virus Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Goelli at 2014-03-12 17:47:56 Run:2
Running from C:\Users\Goelli\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-686631655-714417280-4237890275-1001\...\Winlogon: [Shell]
*****************
HKU\S-1-5-21-686631655-714417280-4237890275-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
==== End of Fixlog ====
|
|
19.03.2014, 14:35
| #9 |
| | Bundeskriminalamt Virus Ich möchte mich auf diesem Wege auf jeden Fall ganz herzlich für die Hilfe bedanken! Spitze, weiter so! Danke!!! |
|
| Themen zu Bundeskriminalamt Virus |
| autorun, browser, canon, cs4/contributeieplugin.dll, firefox, ftp, homepage, install.exe, object, pup.optional.funwebproducts.a, pup.optional.opencandy, rundll, schannel.dll, security.hijack, senden, spyhunter, spyhunter entfernen, synology, tablet, trojan.agent, trojan.banker, virus, win32/kryptik.axbm, win32/lockscreen.azn, win32/reveton.m |
Textbox.
Linear-Darstellung
