|
S.M.A.R.T HDD Virus entfernen Hallo zusammen, habe mir anscheinend gestern den "Smart HDD" eingefangen und auch schon die in diesem Forum vorzufindende Anleitung benutzt, aber leider ohne Erfolg. Um jetzt vielleicht bessere Ergebnisse zu erzielen, wende ich mich nun an Euch :). Ich habe auch schon das "OTL"-Programm laufen lassen und werde die zwei entstandenen Logfiles an die Nachricht anhängen. Es wäre toll, wenn ihr mir helfen könntet, hänge leider schon den halben Tag an der bis jetzt misslungenen Problembeseitigung. Danke schonmal im Voraus! :) OTL Extras logfile created on: 07.07.2012 16:10:09 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philipp\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,82% Memory free 7,73 Gb Paging File | 6,90 Gb Available in Paging File | 89,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 392,93 Gb Free Space | 65,92% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 595,94 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive H: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,82% Space Free | Partition Type: NTFS Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12550C6E-9807-4162-AEF2-7677F41A57DA}" = rport=137 | protocol=17 | dir=out | app=system | "{1565F5B8-D38B-4E23-9E27-FD90477BBAD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D803A6B-BE6B-4896-B62F-0F61C97C8695}" = rport=445 | protocol=6 | dir=out | app=system | "{20800252-122C-4AC1-84B6-51757091FB4D}" = lport=445 | protocol=6 | dir=in | app=system | "{37E1F924-E2FA-418C-8D8B-3BAAE3D4848F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{399108FF-4DDC-4345-865A-BB48DF7CB0A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{54602850-8238-41ED-ADF2-D8C319010F68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59290054-BDAE-4454-881C-E5B9972716A8}" = rport=139 | protocol=6 | dir=out | app=system | "{600428A9-7009-4ACE-931D-4F485723C7D6}" = rport=138 | protocol=17 | dir=out | app=system | "{72F26C60-5535-4451-A7CD-08B1A010DA81}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | "{77D73CA9-470E-4F28-8055-8CF106C04924}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88EE5A78-11DA-40AB-AE23-5AC583031F82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BF83052-4450-4E28-BB30-C72D6384FB9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9CA3D4A9-6654-4F59-9BF1-C2FFBF99F5A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A0AD26B2-013A-4E5C-A228-8C21F3581854}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A537308B-B8EB-4E78-BA56-4B8421D3A585}" = lport=138 | protocol=17 | dir=in | app=system | "{AA2C9F3F-A249-4A27-A7B7-994D98FAE061}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB854713-BF39-4F43-88CE-008440E9511A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD37D1C0-E1E6-4978-AA14-400E4890DFBE}" = lport=139 | protocol=6 | dir=in | app=system | "{B0D85C04-DC3D-44F8-BC16-A1774E8F4C4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B3A728A9-6FF6-4D5F-85F4-1C5EF2F05EFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BBD0557C-3A0F-4D4F-8299-890EEDD33193}" = lport=2869 | protocol=6 | dir=in | app=system | "{CBE49607-8B48-47EA-AF7C-E09D2EDA396C}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | "{DF437E72-F156-4828-B8C6-64C82F02A562}" = lport=10243 | protocol=6 | dir=in | app=system | "{DF8B8D8D-6C8B-4647-B61C-664982971D4C}" = rport=10243 | protocol=6 | dir=out | app=system | "{E32405B1-5B73-4F91-95C1-13DA0109E9F7}" = lport=137 | protocol=17 | dir=in | app=system | "{EA83923E-8F4D-4903-AF19-6E17EC091F5E}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0086B692-2DE5-41CC-901F-40F7780A194A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{071B2BAC-AB5A-43F1-8A64-5EE06B04B5E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1D949740-F5D8-4709-95F7-4E86466BA91F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1EC12AB2-12AE-4D2F-925A-9990145C69FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EC98D0A-0780-4329-958B-1AAB2786EC16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{21D1668A-97A0-4F71-AD28-28FC877B393D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32033BE8-15FC-4371-A528-C9020E55B3F2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{47EE1660-24D0-4CED-8EF7-E8C90CEA3D95}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | "{60AA2302-4EA7-4133-B03A-CFFC850F3653}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{65F8EF2C-A931-48ED-AAF7-6E8098C086E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A74420F-0A40-45D0-A273-837C4C07A248}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F7D4EBC-19F6-4299-82AC-D935CB85228E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{737FDAAE-AFE8-439B-BE7C-CE9C973E82C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7380F069-4DDF-4D81-BBFB-1E796A8436CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7476CFBB-32A9-4A91-A0A7-3FB76C1C751F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78D7D200-CB25-4BB4-B618-F1AFA4B9ED4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{86E45785-132B-45C6-A3EA-30C642BFA93C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8B075BC6-C546-4CAC-ADB5-C14638958A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8C43F08F-5BAC-435D-9A13-A5AD9DE40AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{8F03FBCE-E9C4-4621-9BD8-4C70054FC26A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{A034F8E6-BD0A-45E6-82C7-0A7BBA6A7E58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AAD4B5A7-2EB5-42ED-BF64-439C5FA53415}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{ACA79145-EA4C-40C9-A220-A6D00D439709}" = protocol=6 | dir=out | app=system | "{B2F452F7-6F6F-407E-8698-293FBA3D64B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B889676B-07B2-45DA-B847-8DE7203AFAFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CC391CE8-AD01-433F-8A90-C90F19DC53C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D16B2CFB-FBB2-4397-AD43-E023591EC235}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D2BBCDAC-FF80-4C87-A9E1-ED5E1812F80F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA2B40BD-0365-4F72-8F08-81FACA6E52E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E08D0C2C-750F-490D-AE6A-DCE20FC8696A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E4CC6133-A6CA-474C-8984-CA26A22662D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7CE945F-CB9F-4B57-9D70-EAF5DF508BF0}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{FC17285E-8480-4823-9CB1-34A1A09035A8}" = dir=in | app=c:\users\philipp\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{0493141C-98A6-49AD-9657-7428836B5FEC}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe | "TCP Query User{68202DB0-CE16-4581-94AE-9E5A5EB3F0DE}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe | "TCP Query User{ACB8AC06-3816-4421-BA47-2307A1112E84}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{D4BAA963-D11F-4B56-A5A8-906F423BF6C6}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe | "UDP Query User{01C5199F-E133-4995-8B8D-3DDE072E1919}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe | "UDP Query User{10F7CA78-B828-4970-B513-37087F7472D1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{81C01B8A-E9E3-4C8A-B572-AEC27BA34DC8}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe | "UDP Query User{F66890C6-0A9A-42A8-B33C-C43A33887577}C:\program files (x86)\adidas\micoach manager\micoachmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adidas\micoach manager\micoachmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0D0EB043-73A9-B71E-BA0B-1F6126BD2524}" = Napster 5.0 Beta "{0F931735-0098-4FF6-A49D-17882A294F51}" = Microsoft VC90 CRT + OMP "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™ "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DA078193-6951-49D6-9702-0E92B569E182}" = Audials "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro "adidas miCoach Manager_is1" = miCoach Manager "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "AutocompletePro3_is1" = AutocompletePro "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "com.Rhapsody.Napster5" = Napster 5.0 Beta "ESET Online Scanner" = ESET Online Scanner v3 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.3.1206 "Free WAV to MP3 Converter" = Free WAV to MP3 Converter "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Funkyplot_is1" = Funkyplot 1.1.0-pre1 "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "IsoBuster_is1" = IsoBuster 2.8.5 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "phase-6" = phase-6 2.1.2.3a "PhotoScape" = PhotoScape "PSP Video 9" = PSP Video 9 6 "Universal Document Converter_is1" = Universal Document Converter (Demo) "UseNeXT_is1" = UseNeXT "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.1.10 "WinAVI DVD Ripper" = WinAVI DVD Ripper "WinRAR archiver" = WinRAR 4.01 (32-Bit) "XMedia Recode" = XMedia Recode 3.0.0.5 "YouTube Downloader App" = YouTube Downloader App 3.00 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "MediaJoin" = MediaJoin ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.06.2012 06:53:18 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:18 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:19 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 06:53:20 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.06.2012 09:20:34 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . [ System Events ] Error - 07.07.2012 10:00:33 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:02:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:07:41 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 10:09:47 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > OTL logfile created on: 07.07.2012 16:10:09 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Philipp\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,82% Memory free 7,73 Gb Paging File | 6,90 Gb Available in Paging File | 89,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 392,93 Gb Free Space | 65,92% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 595,94 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive H: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,82% Space Free | Partition Type: NTFS Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) Logitech QuickCam 3000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 61 C6 29 90 5D CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "ACPro" FF - prefs.js..browser.search.defaultenginename: "ACPro" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.order.1: "ACPro" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.autocompletepro.com?si=10214&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Philipp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 17:48:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 17:48:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.18 12:11:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2012.06.03 16:56:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions [2012.03.30 18:31:23 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.23 16:38:40 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.28 10:04:22 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\DeviceDetection@logitech.com [2012.06.03 16:56:20 | 000,000,000 | -H-D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2n7k3s8w.default\extensions\support@predictad.com [2012.07.02 21:52:55 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-1.xml [2011.09.09 16:59:02 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-2.xml [2011.09.16 18:16:45 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-3.xml [2011.09.30 14:47:57 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-4.xml [2011.10.01 10:05:17 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-5.xml [2011.11.14 15:08:14 | 000,000,950 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin-6.xml [2011.08.28 11:33:45 | 000,001,056 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2n7k3s8w.default\searchplugins\icqplugin.xml [2012.01.07 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.28 17:48:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.03 16:56:20 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml [2012.06.28 17:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 17:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 17:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 17:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 17:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 17:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Philipp\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [micoach] "C:\Program Files (x86)\adidas\miCoach Manager\miCoachManager.exe" /autostart File not found O4 - HKCU..\Run: [miCoach Manager] C:\Program Files (x86)\adidas\miCoach Manager\SyncManager.exe (adidas) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [MoTclEWUtACM.exe] C:\ProgramData\MoTclEWUtACM.exe (JFF) O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12184E8F-961F-4EF7-8E2D-5942233A646E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.07 15:54:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2012.07.07 15:17:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.07 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.07 10:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.07.07 10:38:06 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\Documents\Anti-Malware [2012.07.07 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.07 09:33:32 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2012.07.07 09:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.07 09:33:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.07 09:33:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2012.07.07 09:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.06 22:09:42 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.07.06 22:09:28 | 000,251,640 | -H-- | C] (JFF) -- C:\ProgramData\GlWubSvLY8ymFc.exe [2012.07.06 21:58:37 | 000,344,312 | -H-- | C] (JFF) -- C:\ProgramData\MoTclEWUtACM.exe [2012.07.06 18:20:38 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Roaming\UseNeXT [2012.07.06 18:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT [2012.06.23 18:29:19 | 000,000,000 | -H-D | C] -- C:\Users\Philipp\AppData\Local\Macromedia [2012.06.23 14:32:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 14:32:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 14:32:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 14:32:36 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 14:32:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 14:32:36 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 14:32:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 14:32:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.13 12:02:26 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 12:02:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 12:02:19 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.13 12:02:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 12:02:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 12:02:17 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 12:02:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 12:02:17 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 12:02:17 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 12:01:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 12:01:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 12:01:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 12:01:15 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 12:01:15 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 12:01:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 12:00:34 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 12:00:29 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 12:00:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 15:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.12 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.12 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.12 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2007.08.13 17:46:00 | 000,102,912 | -H-- | C] (Albert L Faber) -- C:\Users\Philipp\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | -H-- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Philipp\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | -H-- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | -H-- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2012.07.07 15:54:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2012.07.07 15:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.07 15:38:44 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys [2012.07.07 15:28:50 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 15:28:50 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 15:19:46 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001UA.job [2012.07.07 15:17:18 | 611,823,817 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.07 15:04:04 | 000,000,655 | -H-- | M] () -- C:\Users\Philipp\Desktop\Data_Recovery.lnk [2012.07.07 15:04:04 | 000,000,160 | -H-- | M] () -- C:\ProgramData\-GlWubSvLY8ymFcr [2012.07.07 15:04:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-GlWubSvLY8ymFc [2012.07.07 15:04:01 | 000,000,256 | -H-- | M] () -- C:\ProgramData\GlWubSvLY8ymFc [2012.07.07 08:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.06 22:09:28 | 000,251,640 | -H-- | M] (JFF) -- C:\ProgramData\GlWubSvLY8ymFc.exe [2012.07.06 21:56:15 | 000,344,312 | -H-- | M] (JFF) -- C:\ProgramData\MoTclEWUtACM.exe [2012.07.06 21:19:00 | 000,000,914 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001Core.job [2012.07.06 19:03:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.06 19:03:44 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.06 19:03:44 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.06 19:03:44 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.06 19:03:44 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.06 18:20:35 | 000,001,861 | -H-- | M] () -- C:\Users\Philipp\Desktop\UseNeXT.lnk [2012.07.01 12:33:41 | 000,338,387 | -H-- | M] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-pool.jpg [2012.07.01 12:33:22 | 000,183,855 | -H-- | M] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-double-room.jpg [2012.07.01 12:32:52 | 000,245,561 | -H-- | M] () -- C:\Users\Philipp\Desktop\SUNNY_B._GEN1-8.05.jpg [2012.07.01 12:24:25 | 000,001,314 | -H-- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.06.23 18:44:40 | 000,040,960 | -H-- | M] () -- C:\Users\Philipp\Desktop\photothumb.db [2012.06.23 17:00:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.23 17:00:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.14 16:18:29 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 15:29:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.07.07 15:17:18 | 611,823,817 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.07 15:04:04 | 000,000,655 | -H-- | C] () -- C:\Users\Philipp\Desktop\Data_Recovery.lnk [2012.07.07 12:02:32 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.07.07 12:02:32 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk [2012.07.07 12:02:32 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk [2012.07.07 12:02:32 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.07 12:02:32 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.07.07 12:02:32 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk [2012.07.07 12:02:32 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.07.07 12:02:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.07 12:02:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.07.07 12:02:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012.07.07 12:02:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.07.07 12:02:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.07.07 12:02:32 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2012.07.07 12:02:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.07.07 12:02:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.07.07 12:02:32 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.07 12:02:32 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\phase-6 premium.lnk [2012.07.07 12:02:32 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Napster 5.0.lnk [2012.07.07 12:02:31 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.07 12:02:31 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk [2012.07.07 12:02:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.07.07 12:02:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.07.07 12:02:30 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.07.07 12:02:30 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.07.06 22:09:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-GlWubSvLY8ymFcr [2012.07.06 22:09:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-GlWubSvLY8ymFc [2012.07.06 22:09:39 | 000,000,256 | -H-- | C] () -- C:\ProgramData\GlWubSvLY8ymFc [2012.07.06 18:20:35 | 000,001,861 | -H-- | C] () -- C:\Users\Philipp\Desktop\UseNeXT.lnk [2012.07.01 12:33:34 | 000,338,387 | -H-- | C] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-pool.jpg [2012.07.01 12:33:20 | 000,183,855 | -H-- | C] () -- C:\Users\Philipp\Desktop\iberostar-sunny-beach-resort-double-room.jpg [2012.07.01 12:32:51 | 000,245,561 | -H-- | C] () -- C:\Users\Philipp\Desktop\SUNNY_B._GEN1-8.05.jpg [2012.04.12 17:33:51 | 000,001,472 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\RecConfig.xml [2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 01:59:55 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.07.24 01:57:32 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.06.21 14:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2007.08.13 17:46:00 | 000,155,136 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | -H-- | C] () -- C:\Users\Philipp\AppData\Local\no23xwrapper.dll ========== LOP Check ========== [2011.07.13 21:46:28 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Canon [2012.04.08 10:13:58 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\com.Rhapsody.Napster5 [2012.02.01 17:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft [2011.07.23 16:38:39 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.09 15:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ [2011.10.28 10:16:14 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech [2011.08.29 11:56:26 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Phase6 [2012.05.22 15:31:02 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\PhotoScape [2011.07.18 21:48:27 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\Red Kawa [2012.02.23 19:36:08 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\UDC Profiles [2012.07.06 22:06:33 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\UseNeXT [2011.07.23 13:53:18 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\WinAVI [2012.06.03 16:47:41 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData\Roaming\XMedia Recode [2012.07.06 21:19:00 | 000,000,914 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001Core.job [2012.07.07 15:19:46 | 000,000,936 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1394845363-2140404158-1724030329-1001UA.job [2012.03.01 18:23:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
hi du hast eset und malwarebytes genutzt, logs verfügbar, dann posten bitte |
Hey, Danke schonmal für deine Antwort. Weil der Virus ja immer wieder meine Dateien versteckt, habe ich beide Scanner nochmal laufen lassen. Konnte nur durch das Programm Emsisoft den Quarantänebericht finden. Ich hänge nun die beiden neuen Berichte und den Bericht über die in die Quarantäne verschobenen Dateien an und verschiebe die gefundenen Viren in Quarantäne. Quarantänebericht: Emsisoft Anti-Malware v. 6.6.0.1 (C) 2003-2012 Emsisoft - Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits ID Object 0 C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2f97c582-385383c9 Exploit.-!E2 1 C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\254547f7-3727ddfe Exploit.Java.CVE-2012!E2 Malwarebytes: Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.10.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Philipp :: PHILIPP-PC [Administrator] Schutz: Deaktiviert 10.07.2012 09:00:25 detail.php.txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 429548 Laufzeit: 43 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Philipp\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Keine Aktion durchgeführt. (Ende) Emsisoft: Emsisoft Anti-Malware - Version 6.6 Letztes Update: 07.07.2012 10:41:38 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, H:\ Archiv Scan: An ADS Scan: An Scan Beginn: 10.07.2012 09:45:47 c:\users\philipp\appdata\roaming\microsoft\internet explorer\quick launch\data_recovery.lnk gefunden: Trace.File.datarecovery.b!E1 c:\users\philipp\desktop\data_recovery.lnk gefunden: Trace.File.datarecovery.b!E1 Gescannt 647914 Gefunden 2 Scan Ende: 10.07.2012 10:21:30 Scan Zeit: 0:35:43 Hier noch der nach der Löschung entstandene Log: Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.10.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Philipp :: PHILIPP-PC [Administrator] Schutz: Deaktiviert 10.07.2012 09:00:25 mbam-log-2012-07-10 (09-00-25).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 429548 Laufzeit: 43 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Philipp\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
lade unhide: http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Sehr gut :) Scheint auf den ersten Blick so, als ob es funktioniert hat. DANKE!! Hier noch die Log-File von Combofix: Combofix Logfile: Code: ComboFix 12-07-10.01 - Philipp 11.07.2012 7:09.1.4 - x64 |
lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 04:19 Uhr. |
Copyright ©2000-2025, Trojaner-Board