All kinds of pests and how to fight them: searchqu.com/413

09.09.2011, 08:06   #1
friecky

searchqu.com/413

Good morning,

In both of my browsers, IE and Firefox, "searchqu.com/413" appears as the start page. When I switch back to Google as the start page, the page "searchqu.com/413" comes back at every restart. It cannot be removed. While googling I learned that this is supposed to be a trojan. A system scan with Norton Internet Security brings no improvement. After that I downloaded "Spybot S&D". This program finds a "jZip.Toolbar (AdwareC)"; when I instruct the program to delete it, the program does so, but on a repeated scan the message that "jZip.toolbar" was found appears again.

While googling I learned that searchqu.com/413 is supposed to be a trojan. (Is that correct??) How can I solve the problem?
I am grateful for any help!

09.09.2011, 15:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Re: searchqu.com/413




Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, OTL custom:


CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

09.09.2011, 18:43   #3
friecky

Re: searchqu.com/413

Hello Arne,

thanks for the help! Attached are the log file and the content of the OTL.txt file. Do you think we can get this fixed?
The file OTL.txt has the following content:

Regards, Frank

OTL Logfile:
Code:
OTL logfile created on: 09.09.2011 17:41:04 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = E:\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 28,25% Memory free
8,18 Gb Paging File | 5,87 Gb Available in Paging File | 71,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 522,89 Gb Total Space | 243,91 Gb Free Space | 46,65% Space Free | Partition Type: NTFS
Drive E: | 393,97 Gb Total Space | 252,71 Gb Free Space | 64,15% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.09 17:38:44 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2011.08.09 20:54:18 | 001,599,888 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.07.13 02:50:48 | 001,302,640 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 11:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 11:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.07.07 17:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.06.05 02:14:58 | 011,932,968 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
PRC - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWOW64\HidService.exe
PRC - [2008.01.21 04:48:19 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.04.20 15:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2002.07.05 16:37:18 | 000,491,008 | ---- | M] (Chicony) -- C:\Windows\mHotkey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.13 11:08:58 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\rscorewinapi47.dll
MOD - [2011.07.13 03:32:25 | 004,429,824 | ---- | M] () -- C:\PROGRAM FILES (X86)\WISO\STEUERSOFTWARE 2011\wstyle11.dll
MOD - [2011.07.13 03:32:17 | 024,962,048 | ---- | M] () -- C:\PROGRAM FILES (X86)\WISO\STEUERSOFTWARE 2011\wstyle111.dll
MOD - [2011.07.13 03:30:44 | 004,231,168 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wauff11.dll
MOD - [2011.07.13 03:25:39 | 001,800,704 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wfvie11.dll
MOD - [2011.07.13 02:50:48 | 001,302,640 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe
MOD - [2011.07.13 02:38:15 | 001,362,944 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wreli11.dll
MOD - [2011.07.13 02:36:17 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\rsodbc47.dll
MOD - [2011.07.13 02:36:06 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\rsdcom47.dll
MOD - [2011.07.13 02:35:56 | 007,802,368 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wgui11.dll
MOD - [2011.07.13 02:21:10 | 003,110,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wcore11.dll
MOD - [2011.07.13 02:16:08 | 001,363,456 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\wsteu11.dll
MOD - [2011.07.13 02:13:54 | 000,314,880 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\rsguiwinapi47.dll
MOD - [2011.03.21 13:49:42 | 000,701,952 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtSqlrs47.dll
MOD - [2011.02.01 10:17:40 | 000,357,376 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtXmlrs47.dll
MOD - [2011.02.01 10:17:19 | 011,162,624 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtWebKitrs47.dll
MOD - [2011.02.01 10:17:18 | 000,280,576 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtSvgrs47.dll
MOD - [2011.02.01 10:17:18 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtTestrs47.dll
MOD - [2011.02.01 10:17:17 | 001,329,152 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtScriptrs47.dll
MOD - [2011.02.01 10:17:16 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtNetworkrs47.dll
MOD - [2011.02.01 10:17:13 | 008,854,016 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtGuirs47.dll
MOD - [2011.02.01 10:17:10 | 002,394,112 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\Qt3Supportrs47.dll
MOD - [2011.02.01 10:17:10 | 002,341,376 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\QtCorers47.dll
MOD - [2011.02.01 10:17:09 | 000,271,360 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2011\phononrs47.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006.01.06 14:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005.08.05 16:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004.12.14 12:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004.12.01 17:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll
MOD - [2001.07.02 20:36:30 | 000,024,576 | ---- | M] () -- C:\Windows\HKNTDLL.dll
MOD - [2001.02.09 09:00:36 | 000,079,264 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office10\BLNMGR.DLL
MOD - [2001.02.09 09:00:36 | 000,062,880 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office10\BLNMGRPS.DLL
MOD - [2000.11.06 10:15:22 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office10\intldate.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysNative\HidService.exe -- (GenericHidService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixtomcat)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixsupervisor)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixsmtp)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [Auto | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixp_ths-dammy)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixp_ths-20100614)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixp_schulportal)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixp_intrexx)
SRV - [2011.01.05 06:36:55 | 000,490,496 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\intrexx\bin\windows\amd64\svcwrapper.exe -- (upixderby)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.13 22:17:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 16:38:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 05:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.22 02:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010.10.27 19:23:50 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2009.01.13 22:15:42 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.09.02 19:04:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110908.023\EX64.SYS -- (NAVEX15)
DRV - [2011.09.02 19:04:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110908.023\ENG64.SYS -- (NAVENG)
DRV - [2011.09.02 02:04:08 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.08.23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110908.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011.07.28 06:50:34 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.07.28 06:50:34 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008.07.16 13:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Frank\AppData\Local\Temp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/413"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: o2cplayer@eleco.com:2.0.0.56
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40723.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.08.17 14:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011.09.08 17:10:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.07 20:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.17 00:51:26 | 000,000,000 | ---D | M]
 
[2011.09.09 05:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2011.09.09 06:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\2p7h9n0e.default\extensions
[2010.06.29 15:55:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\2p7h9n0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.18 16:54:03 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\2p7h9n0e.default\extensions\o2cplayer@eleco.com
[2010.09.19 14:01:50 | 000,002,449 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\2p7h9n0e.default\searchplugins\safesearch.xml
[2011.09.08 06:12:48 | 000,002,503 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\2p7h9n0e.default\searchplugins\SearchResults.xml
[2011.09.08 06:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.06.24 17:11:21 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2010.06.13 20:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.15 18:08:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 09:48:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.12 20:16:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.06 05:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.06.24 17:11:21 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com
[2011.09.08 17:10:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011.08.17 14:51:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.09.07 20:55:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.08 06:12:48 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.07 00:56:46 | 000,436,305 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Free Spyware | Cash Advance | Debt Consolidation | Insurance | Cell Phones at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB1923]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB5166]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6362]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD3072] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD503] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7718] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B972FB11-0AEF-40C5-925A-6A9EC110583A}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe - ()
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.09 17:38:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2011.09.09 15:36:47 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2011.09.09 15:36:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.09 15:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.09 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.09 15:36:30 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.09 15:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.09 15:33:47 | 000,000,000 | ---D | C] -- E:\Dokumente\xxProgramme
[2011.08.26 19:39:17 | 000,000,000 | ---D | C] -- E:\Dokumente\Steuer-Sparbuch
[2011.08.26 19:26:52 | 000,000,000 | ---D | C] -- E:\Dokumente\Mein Steuer-Sparbuch Heute
[2011.08.26 18:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2011
[2011.08.21 21:06:31 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2011.08.20 12:51:04 | 000,000,000 | ---D | C] -- E:\Dokumente\Intel_Trainingspaket_2011
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.09 17:45:24 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.09 17:38:44 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2011.09.09 17:09:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 17:09:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 17:00:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.09 15:20:27 | 000,000,600 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\winscp.rnd
[2011.09.09 10:38:17 | 000,001,018 | ---- | M] () -- C:\Windows\wiso.ini
[2011.09.09 08:34:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.09.09 07:12:43 | 000,000,476 | ---- | M] () -- C:\Windows\wininit.ini
[2011.09.09 06:00:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.08 17:17:16 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.08 17:17:16 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.08 17:17:16 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.08 17:17:16 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.08 17:17:16 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.08 17:10:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.09.08 17:10:01 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.08 17:10:01 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.08 17:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 17:09:41 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.08 06:12:49 | 000,000,820 | ---- | M] () -- E:\Desktop\Free FLV Converter.lnk
[2011.09.02 19:26:45 | 000,099,840 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.26 19:04:14 | 000,001,962 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2011.08.26 19:04:14 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.08.25 15:48:03 | 000,000,043 | ---- | M] () -- E:\Desktop\shim.gif
[2011.08.17 07:59:40 | 000,199,324 | ---- | M] () -- E:\Desktop\Turnhalle Genkingen_WC.pdf
[2011.08.17 06:56:55 | 000,000,043 | ---- | M] () -- C:\Windows\hpfccopy.INI
[2011.08.17 00:51:29 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.26 19:04:14 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2011.08.26 19:04:14 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.08.25 15:48:03 | 000,000,043 | ---- | C] () -- E:\Desktop\shim.gif
[2011.08.17 07:59:39 | 000,199,324 | ---- | C] () -- E:\Desktop\Turnhalle Genkingen_WC.pdf
[2011.08.17 00:51:29 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.07 01:11:46 | 000,000,476 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.26 18:47:48 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[2011.05.26 18:47:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\VADE232.DLL
[2011.05.26 18:47:47 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[2011.05.26 18:47:44 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
[2011.05.26 18:47:43 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[2011.05.10 15:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Frank\AppData\Local\{D1BFBBC5-2408-4B5D-B0D7-6349CEACE737}
[2011.05.08 17:04:02 | 000,000,352 | ---- | C] () -- C:\Users\Frank\AppData\Local\RAExpertHistory.xml
[2011.02.22 16:47:43 | 000,000,322 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\wklnhst.dat
[2010.11.24 21:37:14 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.11.24 21:37:13 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.14 19:05:42 | 000,024,247 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\UserTile.png
[2009.07.31 14:08:31 | 000,000,600 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\winscp.rnd
[2009.07.22 19:49:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.18 19:05:24 | 000,001,018 | ---- | C] () -- C:\Windows\wiso.ini
[2009.06.26 18:25:00 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2009.06.26 18:25:00 | 000,000,493 | ---- | C] () -- C:\Windows\Instit.ini
[2009.06.24 16:39:53 | 000,000,043 | ---- | C] () -- C:\Windows\hpfccopy.INI
[2009.06.24 16:24:43 | 000,142,448 | ---- | C] () -- C:\Windows\hpgins30.dat
[2009.06.24 15:09:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.20 17:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.17 21:25:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.06.17 21:24:44 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.06.17 21:24:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.16 18:56:30 | 000,099,840 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.16 17:30:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.15 17:09:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.06.15 17:09:47 | 000,008,460 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.16 23:48:52 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.13 22:15:39 | 000,001,657 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.13 22:08:35 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.13 21:11:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.07.23 01:37:02 | 000,000,149 | ---- | C] () -- C:\Windows\hpgmdl30.dat
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2010.06.19 17:21:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\.intrexx
[2011.02.15 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\.intrexx51
[2009.07.18 19:05:36 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Buhl Data Service
[2011.09.08 06:15:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FreeFLVConverter
[2011.05.03 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FRITZ!
[2011.05.03 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.03.04 07:34:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Image Zone Express
[2009.11.18 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\K-Meleon
[2010.11.25 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org
[2009.06.15 17:15:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Packard Bell
[2010.09.14 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PeerNetworking
[2009.06.24 16:39:08 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Printer Info Cache
[2010.10.29 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TeamViewer
[2011.02.22 16:47:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2010.03.21 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Tific
[2011.09.08 10:44:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.19 17:21:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\.intrexx
[2011.02.15 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\.intrexx51
[2011.05.05 14:33:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe
[2010.10.27 19:28:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ArcSoft
[2009.07.18 19:05:36 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Buhl Data Service
[2010.06.27 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\dvdcss
[2011.09.08 06:15:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FreeFLVConverter
[2011.05.03 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FRITZ!
[2011.05.03 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.06.15 18:26:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Google
[2009.06.24 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP
[2011.03.26 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HpUpdate
[2009.06.15 17:10:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities
[2011.03.04 07:34:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Image Zone Express
[2009.07.18 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\InstallShield
[2009.11.18 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\K-Meleon
[2009.06.15 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia
[2011.09.09 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs
[2011.08.22 22:32:21 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft
[2009.08.05 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Microsoft Web Folders
[2009.06.20 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla
[2009.06.15 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nero
[2010.11.25 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org
[2009.06.15 17:15:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Packard Bell
[2010.09.14 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PeerNetworking
[2009.06.24 16:39:08 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Printer Info Cache
[2010.10.29 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TeamViewer
[2011.02.22 16:47:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2010.03.21 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Tific
[2011.06.14 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\vlc
[2011.01.16 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2009.10.04 20:47:34 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.11.19 21:31:45 | 000,065,536 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{BA3F1A13-AB67-4183-A31C-E753618DDFF4}\_66043BB1DFC8_461C_8220_513169506546.exe
[2009.06.18 16:27:37 | 000,025,214 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}\_d423bfe.exe
[2011.08.17 17:44:20 | 001,042,160 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\2p7h9n0e.default\extensions\o2cplayer@eleco.com\Plugins\dx9setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[1998.03.12 19:27:18 | 000,025,904 | ---- | M] (Microsoft Corporation) MD5=0129108B20949DFBBD4C58CEE55254D4 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\ATAPI.SYS
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[1998.03.12 19:27:20 | 000,025,904 | ---- | M] (Microsoft Corporation) MD5=3C4B3CE92ED71F82111C041DC326E9FB -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\ATAPI.SYS
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[1998.03.12 19:27:20 | 000,050,960 | ---- | M] (Microsoft Corporation) MD5=3EEFD58D1D30673072824862736E4C1E -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\EVENTLOG.DLL
[1998.03.12 19:27:18 | 000,050,960 | ---- | M] (Microsoft Corporation) MD5=AB1F9E1CAAD1A373A1DC7E92F974F877 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\EVENTLOG.DLL
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[1998.03.12 19:27:20 | 000,152,336 | ---- | M] (Microsoft Corporation) MD5=19CB5828FC1F93FBC909A9641DFD0E42 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\NETLOGON.DLL
[1998.03.12 19:27:18 | 000,152,336 | ---- | M] (Microsoft Corporation) MD5=2AF28D81DAEE2A72C1341AC526926815 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\NETLOGON.DLL
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[1998.03.13 22:22:36 | 000,330,512 | ---- | M] (Microsoft Corporation) MD5=A61FCE078B74D166BC61EEBA67FBC279 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\USER32.DLL
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[1998.03.12 19:27:20 | 000,331,024 | ---- | M] (Microsoft Corporation) MD5=E61EEE788F3ABB983DBBD81E2B093B7C -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\USER32.DLL
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[1998.03.13 22:22:36 | 000,026,896 | ---- | M] (Microsoft Corporation) MD5=A671A8834DD2F101F877F5D5DACE6812 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\USERINIT.EXE
[1998.03.12 19:27:20 | 000,026,896 | ---- | M] (Microsoft Corporation) MD5=DF17DE549F30F99C23ADED6656AABF2A -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\USERINIT.EXE
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[1998.05.15 20:01:00 | 000,042,181 | ---- | M] () MD5=4B4201A7BE355B0648C10930E0141CA3 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\WINDOWS\WININIT.EXE
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[1998.03.12 19:27:20 | 000,183,568 | ---- | M] (Microsoft Corporation) MD5=8AC8D65D4E7C564F5B0B1558CBF450B6 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3DE\WINLOGON.EXE
[1998.03.13 22:22:36 | 000,183,056 | ---- | M] (Microsoft Corporation) MD5=AE870325EE7228C8836F756AB5B3A874 -- C:\Users\Frank\XXXXX_Festplatte_alt\Helga Comutersicher\SOFTWARE\WINNT\SP3EN\WINLOGON.EXE
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.13 17:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> E:\Desktop\Bonhoeffer.avi:TOC.WMV

< End of report >
         
--- --- ---

Attached files
File type: txt mbam-log-2011-09-09 (17-35-31).txt (1.4 KB, viewed 59 times)

Old 09.09.2011, 20:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchqu.com/413 - Default Re: searchqu.com/413

Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.

Old 09.09.2011, 20:53   #5
friecky
 
searchqu.com/413 - Default Re: searchqu.com/413

Hello Arne,

as far as I can remember, there were no further log files. Unfortunately I closed the program (without cleaning up the detected problems). But I can run the program over it once more... Should I then also have the program fix the detected problems right away? Instead, I found an "Extra.txt" file from the OTL program with the following contents:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.09.2011 17:41:04 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = E:\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 28,25% Memory free
8,18 Gb Paging File | 5,87 Gb Available in Paging File | 71,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 522,89 Gb Total Space | 243,91 Gb Free Space | 46,65% Space Free | Partition Type: NTFS
Drive E: | 393,97 Gb Total Space | 252,71 Gb Free Space | 64,15% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 4E 4B 9C 71 06 F0 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1022C695-23F3-46FF-AA62-78CA87184763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2902E8CB-0759-46C5-BD3D-60CD4AC7FBD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2DB3B2D6-AB6D-4C86-AA07-22596B61FD98}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4C7FB6A6-EB0C-403C-AE81-CEF7EE475E98}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5912B5D5-5005-4BD8-8B99-F1BA07EAAA7B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6F355BA0-9677-4B5F-8F41-702E2E50D09F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A26F7EC8-F14E-4537-805D-11A6345282D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A6352D13-2DDC-4680-8500-2DBDE25903DA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1255E2A-6EE6-401D-97EB-73C8B7B69DC0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BEE32A44-6299-47F4-A398-F04F5844D516}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8CC32AB-E5E8-40AB-91E7-3B5A861EB661}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EEB71374-D84B-4EAD-ACA3-332D565ED758}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FDCD175-87CD-45FB-8BB6-5947474279AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{12C93C0B-5148-45F4-A829-489FE73D8A0F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2149A2FE-44F7-4025-96E0-2F1FE91A311C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{267559EC-B0D8-4CA8-904E-53D65C4A8617}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2CC1F866-3F69-4B17-BB7E-E69172C1EA34}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{3B17B974-1B92-4ABC-B9A0-F9F8F8ACA62A}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{49109A8A-EA15-484A-BA00-9AAFA8D60759}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{4AB60FDF-7728-47A6-99F9-83C813A1FA36}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{6825C6D4-ECC9-4D70-8103-08AC4A387A30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6AC2499A-55AF-4362-B17D-CD31DF3BC6F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8F832D97-442F-436B-9BB9-425ED1148759}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{90E5594F-D131-444A-AD97-4B691BD0AB46}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{91BE4134-BA37-45FF-8066-8D880169A69D}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{C08C22CB-CAD0-407E-ABC7-F82CB98D8CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
"{DCE1E004-1AD8-4C69-AC16-0FB6AE15E210}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B783C4-E706-43A3-98FE-CAE11691F2F4}" = Intrexx Prerequisites 2010
"{F4158BB4-98FA-4ad5-A0FE-3913A0714A44}" = HP Scanjet G2710 9.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Intrexx Portal Server" = Intrexx
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Works9se" = Microsoft Works 9.0 SE
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{492BBE30-E09E-4663-825D-A20DFC45CA1E}" = hpg2710QFolder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B15290C0-BF1E-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BA3F1A13-AB67-4183-A31C-E753618DDFF4}" = Playway 1 - Lernsoftware zum Arbeitsheft
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6738F45-D704-4D83-9E51-24695E717D09}" = ODF Add-in für Microsoft Word
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB7D6F0D-B5BB-4E69-83BA-E238178C08A9}" = ODF Add-in für Microsoft Excel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F370BB9F-704A-4886-807B-F6CA31AF8D38}" = hpg2710
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Areca" = Areca
"Begleit-CD-ROM zu Volkswirtschaftliches Handeln,~E8FB3C20_is1" = Begleit-CD-ROM zu Volkswirtschaftliches Handeln, Strukturen - P
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"eMindMaps" = eMindMaps
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free FLV Converter_is1" = Free FLV Converter V 7.1.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Updater" = Google Updater
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MWSnap 3" = MWSnap 3
"NIS" = Norton Internet Security
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"Softwareprofi Database Engine 1.02" = Softwareprofi Database Engine 1.02
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.9
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2011 01:57:26 | Computer Name = Arbeitszimmer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.02.2011 01:57:38 | Computer Name = Arbeitszimmer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.02.2011 01:57:39 | Computer Name = Arbeitszimmer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.02.2011 01:57:40 | Computer Name = Arbeitszimmer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.02.2011 01:57:48 | Computer Name = Arbeitszimmer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.02.2011 04:35:40 | Computer Name = Arbeitszimmer | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 24.02.2011 04:36:50 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2011 04:46:08 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2011 05:16:18 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2011 01:49:04 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.09.2011 08:50:25 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.09.2011 10:29:49 | Computer Name = Arbeitszimmer | Source = Print | ID = 6161
Description = Das Dokument 110906 WG E Zahlungseingänge.pdf im Besitz von Frank 
konnte nicht auf dem Drucker Kyocera Mita FS-1010 gedruckt werden. Versuchen Sie
 erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp:
 NT EMF 1.008. Größe der Spooldatei in Bytes: 3307152. Anzahl der gedruckten Bytes:
 623320. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten:
 1. Clientcomputer: \\ARBEITSZIMMER. Vom Druckprozessor zurückgegebener Win32-Fehlercode:
 0. Der Vorgang wurde erfolgreich beendet.  
 
Error - 07.09.2011 00:50:31 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.09.2011 14:54:19 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.09.2011 16:55:35 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.09.2011 23:45:21 | Computer Name = Arbeitszimmer | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Kyocera Mita FS-1010 nicht unter
 dem Namen Kyocera Mita FS-1010 freigeben. Fehler: 2114. Der Drucker kann nicht 
von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 07.09.2011 23:45:46 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2011 04:34:13 | Computer Name = Arbeitszimmer | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Kyocera Mita FS-1010 nicht unter
 dem Namen Kyocera Mita FS-1010 freigeben. Fehler: 2114. Der Drucker kann nicht 
von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 08.09.2011 04:35:18 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2011 11:10:29 | Computer Name = Arbeitszimmer | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Edited by friecky (09.09.2011 at 21:25)

09.09.2011, 21:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Re: searchqu.com/413

Uh, no, I actually just wanted to know whether you had ever run Malwarebytes before I told you to run a scan with it.

09.09.2011, 21:29   #7
friecky

Re: searchqu.com/413

Good - a scan like that takes what feels like an eternity on my machine ;-) But to answer your question: I had not used the program before.

09.09.2011, 22:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Re: searchqu.com/413

Please run ESET as well, then we'll see where we go from there:


ESET Online Scanner

Preparation
  • Connect any external hard drives and/or other removable media (e.g. any USB sticks you have) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
Here we go
  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick "Scan archives".
  • Make sure that Remove found threats is not ticked.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


10.09.2011, 05:11   #9
friecky

Re: searchqu.com/413

Good morning Arne,


Contents of log.txt:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=98ce74de2ea46a45b7ad05e0148f8d74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-10 12:19:34
# local_time=2011-09-10 02:19:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 62594311 153123508 0 0
# compatibility_mode=8192 67108863 100 0 220 220 0 0
# scanned=565423
# found=5
# cleaned=0
# scan_time=14372
C:\Users\Frank\XXXXX_Festplatte_alt\Download\Downloads\Setup56_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Frank\XXXXX_Festplatte_alt\Video_Konvertiert\Setup_FreeFlvConverter25.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente\Noch zuordnen\Video_Konvertiert\Setup_FreeFlvConverter25.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
E:\Download\Setup65_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
E:\Download\Download-alt\Downloads\Setup56_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

11.09.2011, 13:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Re: searchqu.com/413

We can ignore ESET's findings.

Do an OTL fix: close any programs that are open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/413"
FF - prefs.js..extensions.enabledItems: o2cplayer@eleco.com:2.0.0.56
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&q="
[2009.06.24 17:11:21 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.06.24 17:11:21 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com
[2011.09.08 17:10:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011.08.17 14:51:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{631516c2-3ce7-11db-acfe-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN\AUTORUN.EXE
@Alternate Data Stream - 64 bytes -> E:\Desktop\Bonhoeffer.avi:TOC.WMV
:Files
C:\Program Files (x86)\pdfforge Toolbar
C:\PROGRA~2\WI9130~1\Datamngr\ToolBar
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
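
Added example, not part of the original post and not code from OTL: a Python parser that sorts a subset of the fix script's lines by entry type and marks orphaned entries, entries with no recorded publisher, and Firefox preferences that hold a URL. The type labels and flag names are this example's own, and a flag is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Subset of the lines from the fix script quoted in the post above.
FIX_LINES = r"""
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/413"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [eRecoveryService]  File not found
"""

# Entry types, read off the line prefixes; the labels are this example's own wording.
KINDS = [
    (r"^IE - .*URLSearchHook:", "IE URL search hook"),
    (r"^FF - prefs\.js\.\.", "Firefox preference"),
    (r"^O2 - BHO:", "IE browser helper object"),
    (r"^O3(:64bit:)? - .*Toolbar", "IE toolbar"),
    (r"^O4 - .*\\Run:", "Run-key autostart"),
]
ORPHAN = re.compile(r"(File not found|No CLSID value found\.)\s*$")
PUBLISHER = re.compile(r"\(([^()]*)\)\s*$")  # trailing "(Company)"; "()" = none recorded
PREF = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "?(.*?)"?$')


def parse_line(line):
    """Return a dict describing one log line, or None if the type is unknown."""
    kind = next((label for rx, label in KINDS if re.search(rx, line)), None)
    if kind is None:
        return None
    entry = {"kind": kind, "raw": line, "flags": []}
    if ORPHAN.search(line):
        # Registry entry whose target file or CLSID no longer exists.
        entry["flags"].append("orphaned")
    elif kind != "Firefox preference":
        m = PUBLISHER.search(line)
        entry["publisher"] = m.group(1) if m else ""
        if not entry["publisher"]:
            entry["flags"].append("no publisher")
    m = PREF.match(line)
    if m:
        entry["pref"] = m.group(1)
        host = urlparse(m.group(2)).hostname
        if host:  # preference value is a URL, e.g. homepage or keyword search
            entry["host"] = host
            entry["flags"].append("url pref")
    return entry


def triage(text):
    """Parse every recognised line of an OTL-style listing."""
    return [e for e in map(parse_line, text.strip().splitlines()) if e]


if __name__ == "__main__":
    for e in triage(FIX_LINES):
        detail = e.get("host") or e.get("publisher") or "-"
        print(f'{e["kind"]:26} {detail:26} {", ".join(e["flags"]) or "-"}')
```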
