handnavi | 06.08.2012 10:51 | GVU Trojan - deo0_sar.exe
Hello!
It has now hit me too: the computer was infected with deo0_sar.exe.
Panda Antivirus found the .exe right away and moved it to quarantine, but now an error message appears every time Windows restarts: the module ...deo0_sar.exe cannot be found.
So somehow something must still be wrong here.
Here is the result of a Malwarebytes scan:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.06.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]
06.08.2012 11:45:40
mbam-log-2012-08-06 (11-45-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 320443
Laufzeit: 43 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
The OTL scan spat out the following:
OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 11:39:44 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 46,60% Memory free
6,71 Gb Paging File | 4,11 Gb Available in Paging File | 61,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 312,49 Gb Total Space | 237,48 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 111,81 Gb Total Space | 81,54 Gb Free Space | 72,93% Space Free | Partition Type: UDF
Drive I: | 619,02 Gb Total Space | 618,91 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\ESTOS\UCServer\EUCSrv.exe (ESTOS GmbH)
PRC - C:\Programme\ESTOS\ProCall 4\ECtiClient.exe (ESTOS GmbH)
PRC - C:\Programme\ESTOS\ProCall 4\Communicator.exe (ESTOS GmbH)
PRC - C:\Windows\System32\EACUSrv.exe (ESTOS GmbH)
PRC - C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Microsoft\BingBar\7.1.382.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\untermStrich\connector4vx.exe (untermStrich software gmbh)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\psksvc.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Trendnet\USBKVM Switcher\USBKVM.exe (UNICLASS)
========== Modules (No Company Name) ==========
MOD - C:\Users\user\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\8a5cd19581407057525630f0540980ce\XPBurnComponent.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\e1083921df364b3e48aac232660c5d5d\Microsoft.Practices.ObjectBuilder.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\b72500ce9c7c60791ea09c938759c5ee\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\daf0de4c500e86f6c1050c93c1a14fae\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\4d2a728d49959947598f7211aa093c7f\Microsoft.ApplicationBlocks.Updater.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\8aaa25c004456a5e817374887ed85414\RuleEngine.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\eaa22f20c03cfcef461d52af3ddec717\Microsoft.Win32.TaskScheduler.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\c4b50b179e6e98983b0db27864cf4b99\Agent.Communication.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\67e120fbfb2cc405bc26b8ccc4dd8912\Interop.WUApiLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\aec30082f905e73319731f6c751438b6\ExceptionLogging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\698f8e3c5ceed6d8c31b40a6b1394ebb\Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\ba7786068d8f6d8f718a990e70b79652\Agent.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\2ec6df0354fe3e120e7544e5ea37c35f\Agent.ni.exe ()
MOD - C:\Programme\Driver Whiz\Driver Whiz\ThemePack.DriverWhiz.dll ()
MOD - C:\Programme\Driver Whiz\Driver Whiz\Agent.Communication.XmlSerializers.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f604028a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0c407941\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_71e739e4\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_371d9f31\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cb7d09a0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll ()
MOD - C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Programme\Logitech\Vid HD\SDL.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Programme\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Programme\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll ()
MOD - C:\Programme\Panda Security\Panda Antivirus Pro 2012\LIBXML2.DLL ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (eucsrv) -- C:\Programme\ESTOS\UCServer\EUCSrv.exe (ESTOS GmbH)
SRV - (edsservice) -- C:\Programme\ESTOS\ProCall 4\EDeskShareService.exe (ESTOS GmbH)
SRV - (EACUSrv) -- C:\Windows\System32\EACUSrv.exe (ESTOS GmbH)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.382.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.382.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TPSrv) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe (Panda Security, S.L.)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PAVFNSVR) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PskSvcRetail) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\psksvc.exe (Panda Security, S.L.)
SRV - (PAVSRV) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (PSHost) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\FIREWALL\PSHost.exe (Panda Security International)
SRV - (Panda Software Controller) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe (Panda Security, S.L.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (PSIMSVC) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (PavTPK.sys) -- C:\Windows\system32\PavTPK.sys File not found
DRV - (PavSRK.sys) -- C:\Windows\system32\PavSRK.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (AvFlt) -- C:\Windows\system32\drivers\av5flt.sys File not found
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (NETIMFLT01060044) -- C:\Windows\System32\drivers\neti1644.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (GigasetGenericUSB) -- C:\Windows\System32\drivers\GigasetGenericUSB.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\..\SearchScopes\{31B51379-5B84-4BBA-AE07-73F8B6DB526E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120207,17131,0,18,0
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-2376316046-3636454582-394295864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\S.A.D\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\S.A.D\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 09:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.26 12:21:52 | 000,000,000 | ---D | M]
[2009.08.16 19:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.08.06 10:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\cxn67kae.default\extensions
[2011.02.24 11:34:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\cxn67kae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.19 17:21:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\cxn67kae.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.07.30 09:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.30 19:12:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.30 19:12:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.06 10:28:24 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXN67KAE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.26 11:55:38 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXN67KAE.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.07.30 09:43:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.24 09:10:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.07.14 19:31:18 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.07.30 09:43:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.30 09:43:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.30 09:43:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.30 09:43:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.30 09:43:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.30 09:43:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
O1 HOSTS File: ([2012.08.06 11:07:28 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\S.A.D\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ECtiClient] C:\Program Files\ESTOS\ProCall 4\eCtiClient.exe (ESTOS GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [Driver Whiz] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [RoboTask Lite] C:\Programme\RoboTask Lite\RoboTaskLite.exe (Neowise)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [Smart PC Cleaner] C:\Programme\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [sqlncli] C:\Users\user\AppData\Local\Microsoft\Windows\2575\sqlncli.exe File not found
O4 - HKU\S-1-5-21-2376316046-3636454582-394295864-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RoboTask Lite.lnk = C:\Programme\RoboTask Lite\RoboTaskLite.exe (Neowise)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\untermStrich Connector 4VX.lnk = C:\Users\user\AppData\Roaming\Microsoft\Installer\{8FA39767-6370-4AB1-B945-C57157632DE7}\_2cd672ae.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D86EB50E-867B-4A81-983D-A5D3B1BCC7F9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC712867-077E-4AF5-AD74-D58E7A4C68CF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O27 - HKLM IFEO\okilpr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pid.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.06 11:42:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.31 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.07.31 17:00:48 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Anti-Malware
[2012.07.31 15:31:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.31 15:29:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.07.31 15:14:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.07.31 15:13:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 15:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.31 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 10:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Gigaset QuickSync
[2012.07.30 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Gigaset_Communications_Gm
[2012.07.30 10:32:25 | 000,044,032 | ---- | C] (Siemens Home and Office Communication Devices GmbH & Co. KG) -- C:\Windows\System32\drivers\GigasetGenericUSB.sys
[2012.07.30 10:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync
[2012.07.30 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Gigaset QuickSync
[2012.07.30 09:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.07.30 09:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.07.30 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.07.23 20:42:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple Computer
[2012.07.14 12:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.07.14 12:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.07.13 08:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.07.13 08:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.07.12 18:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.07.12 18:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.07.12 18:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012.07.12 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.07.12 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PC_Drivers_Headquarters
[2012.07.12 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2012.07.12 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2012.07.12 18:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Whiz
[2012.07.12 09:54:56 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 09:51:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 09:51:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 09:51:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 09:51:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 09:51:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 09:51:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 09:51:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 11:03:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
========== Files - Modified Within 30 Days ==========
[2012.08.06 11:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.06 11:20:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 11:07:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.08.06 10:51:26 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2012.08.06 10:51:26 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2012.08.06 10:51:26 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2012.08.06 10:51:26 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2012.08.06 10:51:26 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2012.08.06 10:51:26 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2012.08.06 10:51:26 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2012.08.06 10:51:26 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2012.08.06 10:51:26 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2012.08.06 10:51:26 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2012.08.06 10:51:26 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2012.08.06 10:51:26 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2012.08.06 10:51:25 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2012.08.06 10:51:25 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2012.08.06 10:49:21 | 000,002,439 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\untermStrich Connector 4VX.lnk
[2012.08.06 10:48:20 | 000,000,456 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2012.08.06 10:48:20 | 000,000,456 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2012.08.06 10:48:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.08.06 10:48:09 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2012.08.06 10:48:09 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2012.08.06 10:48:04 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.06 10:47:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 10:47:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 10:47:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 10:47:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.08.06 08:57:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.06 08:40:18 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012.08.04 18:37:47 | 000,001,718 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.04 09:35:29 | 000,308,760 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012.08.04 09:35:29 | 000,308,760 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2012.08.03 12:05:11 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2012.08.03 10:20:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.03 10:20:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.31 15:30:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.07.31 15:13:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 10:32:24 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk
[2012.07.30 09:16:00 | 015,693,289 | ---- | M] () -- C:\Users\user\Desktop\pdf Pläne_ 12-044 Villa Forsmannstraße.rar
[2012.07.30 09:16:00 | 004,661,279 | ---- | M] () -- C:\Users\user\Desktop\pdf Pläne_ 12-065 Villa Barkenkoppel.rar
[2012.07.30 09:15:10 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.30 09:15:10 | 000,001,798 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.07.27 17:06:04 | 000,632,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.27 17:06:04 | 000,598,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.27 17:06:04 | 000,128,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.27 17:06:04 | 000,105,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 16:31:48 | 000,017,516 | ---- | M] () -- C:\Users\user\Desktop\Dokument3.pdf
[2012.07.25 16:31:10 | 000,015,494 | ---- | M] () -- C:\Users\user\Desktop\Dokument2.pdf
[2012.07.25 14:41:24 | 000,138,243 | ---- | M] () -- C:\Users\user\Desktop\Floorplan-Apartment2.PDF
[2012.07.12 19:00:34 | 354,958,513 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.12 18:54:03 | 000,001,000 | ---- | M] () -- C:\Users\user\Desktop\Driver Genius Professional Edition.lnk
[2012.07.12 18:21:47 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Driver Whiz.lnk
[2012.07.12 12:10:09 | 000,377,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.08.04 18:37:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.04 18:37:47 | 000,001,718 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.31 15:13:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 10:32:24 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk
[2012.07.30 09:16:00 | 015,693,289 | ---- | C] () -- C:\Users\user\Desktop\pdf Pläne_ 12-044 Villa Forsmannstraße.rar
[2012.07.30 09:16:00 | 004,661,279 | ---- | C] () -- C:\Users\user\Desktop\pdf Pläne_ 12-065 Villa Barkenkoppel.rar
[2012.07.30 09:15:10 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.30 09:15:03 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.07.25 16:31:48 | 000,017,516 | ---- | C] () -- C:\Users\user\Desktop\Dokument3.pdf
[2012.07.25 16:31:10 | 000,015,494 | ---- | C] () -- C:\Users\user\Desktop\Dokument2.pdf
[2012.07.25 14:41:22 | 000,138,243 | ---- | C] () -- C:\Users\user\Desktop\Floorplan-Apartment2.PDF
[2012.07.12 18:54:03 | 000,001,000 | ---- | C] () -- C:\Users\user\Desktop\Driver Genius Professional Edition.lnk
[2012.07.12 18:21:47 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Driver Whiz.lnk
[2012.05.13 17:00:20 | 000,038,495 | ---- | C] () -- C:\Users\user\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.05.04 09:13:21 | 000,000,117 | ---- | C] () -- C:\Users\user\usystem.ini
[2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.02.07 16:33:44 | 000,349,544 | ---- | C] () -- C:\Windows\System32\teleex.exe
[2012.01.11 16:32:28 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2012.01.11 15:36:06 | 000,202,072 | ---- | C] () -- C:\Windows\System32\twxapi32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.10 20:46:55 | 000,308,760 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011.11.10 20:46:55 | 000,308,760 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011.11.10 19:23:11 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.10.26 03:20:30 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.02 09:03:19 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2011.06.09 18:42:53 | 000,028,160 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.03.06 19:57:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.24 15:13:14 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.04 16:56:31 | 000,022,328 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
========== Files - Unicode (All) ==========
[2012.05.17 13:56:15 | 000,000,162 | -H-- | M] ()(C:\Users\user\Desktop\~$RONISCH MU¨DE ?UND ERSCHO¨PFT.docx) -- C:\Users\user\Desktop\~$RONISCH MÜDE UND ERSCHÖPFT.docx
[2012.05.17 13:56:15 | 000,000,162 | -H-- | C] ()(C:\Users\user\Desktop\~$RONISCH MU¨DE ?UND ERSCHO¨PFT.docx) -- C:\Users\user\Desktop\~$RONISCH MÜDE UND ERSCHÖPFT.docx
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 06.08.2012 11:39:44 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 46,60% Memory free
6,71 Gb Paging File | 4,11 Gb Available in Paging File | 61,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 312,49 Gb Total Space | 237,48 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 111,81 Gb Total Space | 81,54 Gb Free Space | 72,93% Space Free | Partition Type: UDF
Drive I: | 619,02 Gb Total Space | 618,91 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2376316046-3636454582-394295864-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EEC3527-0C93-4B41-B8D9-E9FD3D1AA94A}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B3C4BDF-45BE-4A17-AFD3-258EE3773C63}" = lport=445 | protocol=6 | dir=in | app=system |
"{3608BBD3-2019-4C21-B7F5-B4E6FE4F62EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{393DC15F-2D1E-49AF-BE03-D36B3EDF3B53}" = lport=137 | protocol=17 | dir=in | app=system |
"{590A517E-9532-4981-85B5-3968447C2B41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{65651BFD-4190-493F-B2EF-CE9AA702F9D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{7871CD39-8B2E-4D58-A0C5-FB027351A3B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{83DDF612-45A6-49CB-B9F0-001EF1678534}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0FDCCA7-070B-47E9-B7F2-F713A345803F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A617CEFB-147E-49AB-9F38-D5F586E47466}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF5A1926-F365-470D-9FC7-8F32DC6BF961}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F4315C5F-089A-45E8-A8ED-53001F781A1C}" = lport=7231 | protocol=6 | dir=in | app=c:\program files\estos\procall 4\edeskshareservice.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FAB2C7-0418-49E5-B682-3D2D60042809}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{04FD122F-3533-41F3-B9B5-D839291588D7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{0F411556-F3B9-43C8-BD11-6F1150C5C654}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{1CA53D9E-CDE8-4613-8991-2F5234FB9969}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{1CE78F79-6EF6-44F5-8A3C-DC2FB34F08E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22C0BFFB-7D31-4CE5-9DBF-364EB1114E20}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{34D69134-C61E-4B55-8BD1-545E32B74397}" = dir=in | app=c:\windows\system32\eacusrv.exe |
"{3DD20EB7-B055-4C0A-92B2-BC128428C826}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{4C9E2D58-0EEF-438C-8664-64A71DCD16B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{53CA2F61-3FB1-4701-B5E5-FA67EA500DFC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5C7407F0-74EB-4B15-8F59-F7EF16F98BB8}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{64A77B01-161D-424B-8C09-C47F08C8722A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6C202913-EEDA-4AD8-B49C-63BA93A5E37D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{6D922247-1BBA-4A2A-8B20-371DAA3674E3}" = dir=in | app=c:\program files\estos\ucserver\eucsrv.exe |
"{76CC6606-61B5-4B73-9BB1-CD57B29A2CC9}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{82F56155-8194-42CC-8F74-EE0825E979C6}" = dir=in | app=c:\program files\estos\ucserver\eucsrv.exe |
"{892301B9-410C-41B3-BFBC-0AD9DF304B41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8E7085A6-EACF-4916-BA25-5C6F276E8D30}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{900E89C2-9028-4903-B98A-A3176E630655}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{95076ADD-67EE-4E02-BDDE-6B36B7D77C99}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9ED8BABE-205B-4680-83B7-637A6AC1873A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A13575B3-F7AE-4512-BF7A-555B15C5F0F5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{ABA14C3E-1517-492F-AA5B-4EBE8FE3A32C}" = dir=in | app=c:\windows\system32\eacusrv.exe |
"{B1C5EE2C-E2E8-40CC-B636-91FEC9962214}" = protocol=17 | dir=in | app=c:\program files\estos\procall 4\edeskshare.exe |
"{BD552A4B-AD52-489D-BC27-BCA1C1C9851F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C1DA335C-4349-4911-BB34-992A2D2DDCED}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C3A2A780-3C35-457B-81E8-4BF760D1C835}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C8A668E9-B052-4841-88C5-D34B0BEF8BED}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{CC876874-4387-4BDA-AF23-07691B5C75B0}" = protocol=17 | dir=in | app=c:\program files\lexmark\pssu\pssu.exe |
"{CE53D03D-B425-4EF2-871F-446E0C19DFEB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D1F49E59-051D-4C00-96FC-FF867F0C626C}" = protocol=6 | dir=in | app=c:\program files\lexmark\pssu\pssu.exe |
"{D51828E1-7F5B-4D23-9114-0FF1684070C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8AE2FBC-2C8C-48C5-824B-DBB1B44D68DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB6ABFA7-7BDC-4E9F-BF74-2B543F319EB9}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F7900089-C71E-4BBE-ACB5-B67731C7121F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FF7185D5-F04F-4EBB-AEE8-41EBF4513E0E}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"TCP Query User{0388ACB0-1843-4B82-85FC-82C3533EDA98}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{6BA65831-C2F7-4941-8BB6-46EF9817049A}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"TCP Query User{AEE9C571-3CFB-4A32-B514-A75F572781D6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{7A0B6F42-46C0-4658-8819-6457594CD13A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CCE9F6DA-9FBB-4DB3-B94B-6CCFC34894F0}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"UDP Query User{D225EE07-D8F9-4031-960B-D5FB2A39F366}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{03b23ab3-4d80-4771-9eb6-658610cfd682}" = Nero 9 Essentials
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{465914BD-324C-4442-A9F6-E9347AB38EB8}" = OKI LPR-Dienstprogramm
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D8B25F4-855F-4D39-9486-4DCC3AAB3436}_is1" = RoboTask Lite 3.0
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EACC3F4-22F5-48CF-A892-38A04F8589BA}" = ESTOS UCServer
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8FA39767-6370-4AB1-B945-C57157632DE7}" = untermStrich Connector 4VX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6565F8-141B-453C-AD5B-51A3430A6508}" = ECSTA for OmniPCX
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch-Dienstprogramm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FBA7C23E-CF2D-4CEB-9648-95D34D5C5CF1}" = ESTOS ProCall
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FinalMediaPlayer_is1" = Final Media Player 2011
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lexmark_HostCD" = Lexmark Software deinstallieren
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"USBKVM Switcher_is1" = USBKVM Switcher 1.30
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2376316046-3636454582-394295864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2012 12:44:39 | Computer Name = user-PC | Source = Driver Whiz | ID = 100
Description =
Error - 04.08.2012 12:44:39 | Computer Name = user-PC | Source = Driver Whiz | ID = 200
Description =
Error - 04.08.2012 12:47:43 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.08.2012 12:53:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.08.2012 02:34:36 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung lsm.exe, Version 6.0.6001.18000, Zeitstempel
0x47919260, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x2e8, Anwendungsstartzeit
01cd739d895dab04.
Error - 06.08.2012 02:34:41 | Computer Name = user-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
mit den Statuscode 255. Der Computer muss neu gestartet werden.
Error - 06.08.2012 02:38:22 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.08.2012 02:44:07 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.08.2012 03:20:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.08.2012 04:49:32 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 14.11.2011 15:46:44 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24925
seconds with 5520 seconds of active time. This session ended with a crash.
Error - 12.04.2012 08:13:55 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.04.2012 03:29:43 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.05.2012 13:12:39 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 949
seconds with 600 seconds of active time. This session ended with a crash.
Error - 20.05.2012 07:11:41 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.05.2012 06:41:27 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12306
seconds with 3120 seconds of active time. This session ended with a crash.
Error - 31.05.2012 04:11:34 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2387
seconds with 1800 seconds of active time. This session ended with a crash.
Error - 30.06.2012 09:59:52 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.07.2012 04:47:59 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.07.2012 09:01:27 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 06.08.2012 04:39:42 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 04:49:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 04:49:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 06.08.2012 04:49:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.08.2012 04:49:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 06.08.2012 04:59:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 05:09:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 05:19:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 05:29:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
Error - 06.08.2012 05:39:20 | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Many thanks in advance for any help!
Kind regards