| |
| |||||||
Log-Analyse und Auswertung: Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.."Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.03.2012, 01:11
| #1 |
| |  Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Nun hat's mich gestern abend auch erwischt. Im Thread-Titel genannter Trojaner sperrt mir den Bildschirm mit halbtransparentem Schwarz und professionell aussehender Warnmeldung inklusive Button 'beheben und bezahlen' - den ich natürlich nicht gedrückt habe. Die Sperrung wird nur aktiv, wenn eine aktive Internetverbindung besteht (bei mir über WLAN) - ist der Adapter deaktiviert, kann ich problemlos arbeiten. Habe mir hier schon diverse Threads zu diesem Schädling angelesen und komme um eure auf mich zugeschnittene Hilfe wohl nicht rum. Vielen Dank schon mal im Voraus für eure Mühe... Ich habe schon folgendes unternommen. 1. Scan mit Malwarebytes Anti-Malware: 6 Funde (Log s.u.) 2. danach Scan mit SpywareTerminator 2012: 1 weiterer Fund - (Log s.u.) 3. Scan mit OTL (Log s.u.) Die beiden Programme 1 und 2 haben gemeldet, die Schädlinge entfernt zu haben, allerdings bestand das Problem weiterhin. Danach habe mich hier registriert und die weiteren Schritte durchgeführt: 4. defogger 5. dds 6. gmer Alle drei Vorgänge liefen problemlos ab (Logs s.u.). ********************************************* Hier jetzt die Logfiles ********************************************* Hatte insgesamt zuviele Zeichen, daher die Logfiles im Anhang. Vielleicht noch als hilfreiche Info: Ich hatte nach Schritt 2 (Spywareterminator) den CCleaner meine installierten Programme auflisten lassen: Code:
ATTFilter 7-Zip 9.20 20.06.2011 @BIOS GIGABYTE 20.06.2011 2.11 Acrobat.com Adobe Systems Incorporated 21.06.2011 1.2.443 Adobe AIR Adobe Systems Incorporated 06.09.2011 2.7.1.19610 Adobe Creative Suite 4 Design Standard Adobe Systems Incorporated 21.06.2011 4.398MB 4.0 Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 21.06.2011 1,96MB 10.0.2.54 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.02.2012 6,00MB 11.1.102.62 Adobe Media Player Adobe Systems Incorporated 21.06.2011 1.1 Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 18.01.2012 120,8MB 10.1.2 Apple Application Support Apple Inc. 18.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 18.03.2012 24,4MB 5.1.1.4 Apple Software Update Apple Inc. 31.12.2011 2,38MB 2.1.3.127 AudibleManager Audible, Inc. 18.03.2012 1999067760.48.56.22678898 AutoGreen B10.1021.1 GIGABYTE 20.06.2011 4,77MB 1.00.0000 Avira AntiVir Personal - Free Antivirus Avira GmbH 13.02.2012 74,3MB 10.2.0.707 Bonjour Apple Inc. 31.12.2011 1,02MB 3.0.0.10 CCleaner Piriform 20.03.2012 3.16 CDBurnerXP CDBurnerXP 21.02.2012 17,9MB 4.4.0.2905 DES 2.0 Gigabyte 20.06.2011 1.00.0000 DivX Codec DivX, Inc. 26.06.2011 6.6.1 Easy Tune 6 B11.0323.1 GIGABYTE 20.06.2011 33,0MB 1.00.0000 EPSON TWAIN 5 SEIKO EPSON Corp. 21.06.2011 5.71.0000 Etron USB3.0 Host Controller Etron Technology 20.06.2011 5,19MB 0.98 Evernote v. 4.5 Evernote Corp. 19.01.2012 149,7MB 4.5.0.5229 EXPERTool 7.18 Gainward Co., Ltd 20.06.2011 11,2MB FileZilla Client 3.5.0 22.06.2011 3.5.0 Fragen-Lern-CD 4.1 Wendel-Verlag GmbH 10.07.2011 4.1.0 Free Download Manager 3.0 FreeDownloadManager.ORG 21.06.2011 Free FLV Converter V 7.3.0 Koyote Soft 24.01.2012 16,1MB 7.3.0.0 Free YouTube to MP3 Converter version 3.10.6.727 DVDVideoSoft Limited. 07.08.2011 44,9MB HP LaserJet Professional CM1410 Series Hewlett-Packard 04.01.2012 HP LJ CM1410 MFP Series HP Scan Hewlett-Packard Co. 04.01.2012 12,5MB 1.0.302.0 HP Update Hewlett-Packard 04.01.2012 2,97MB 5.002.006.003 HPLaserJetHelp_LearnCenter Hewlett-Packard 04.01.2012 11,5MB 1.03.0000 I.R.I.S. OCR HP 04.01.2012 69,0MB 12.3.4.0 iCloud Apple Inc. 18.03.2012 24,3MB 1.1.0.40 Intel(R) Control Center Intel Corporation 21.06.2011 1.2.1.1007 Intel(R) Management Engine Components Intel Corporation 21.06.2011 7.0.0.1118 iTunes Apple Inc. 18.03.2012 157,4MB 10.6.0.40 Java(TM) 6 Update 29 Oracle 27.07.2011 94,9MB 6.0.290 LinuxLive USB Creator Thibaut Lauziere 28.02.2012 2.8 Logitech Webcam Software Logitech Inc. 25.08.2011 43,9MB 12.10.1113 Lotus Notes 8.5.3 de IBM 29.02.2012 600MB 8.53.11283 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 20.03.2012 17,3MB 1.60.1.1000 Marketsplash Shortcuts Hewlett-Packard 04.01.2012 0,29MB 1.0.0.9 McAfee Security Scan Plus McAfee, Inc. 30.01.2012 8,30MB 2.0.181.2 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.06.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.06.2011 2,94MB 4.0.30319 Microsoft IntelliPoint 8.1 Microsoft 24.06.2011 8.15.406.0 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 21.06.2011 12.0.6425.1000 Microsoft Silverlight Microsoft Corporation 15.02.2012 80,4MB 4.1.10111.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.06.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,59MB 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 de) Mozilla 18.02.2012 35,5MB 10.0.2 Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 18.02.2012 38,7MB 10.0.2 NVIDIA 3D Vision Treiber 267.60 NVIDIA Corporation 20.06.2011 267.60 NVIDIA Grafiktreiber 267.60 NVIDIA Corporation 20.06.2011 267.60 NVIDIA HD-Audiotreiber 1.2.22.1 NVIDIA Corporation 20.06.2011 1.2.22.1 NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 20.06.2011 9.10.0514 ON_OFF Charge B11.0110.1 GIGABYTE 20.06.2011 1.00.0001 QuickTime Apple Inc. 18.03.2012 73,3MB 7.71.80.42 Realtek Ethernet Controller Driver Realtek 20.06.2011 7.38.113.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20.06.2011 6.0.1.6307 Safari Apple Inc. 18.03.2012 104,3MB 5.34.54.16 Skype™ 5.5 Skype Technologies S.A. 18.11.2011 17,1MB 5.5.124 Smart 6 B10.1221.1 GIGABYTE 20.06.2011 1.00.0000 SopCast 3.4.0 www.sopcast.com 15.10.2011 3.4.0 TeraCopy 2.27 Code Sector 18.03.2012 5,49MB TVCenter PCTV Systems 26.06.2011 160,5MB 6.3.0.584 UltraEdit IDM Computer Solutions, Inc. 08.01.2012 48,3MB 17.30.1014 Untis 2011 Gruber & Petters 21.08.2011 VLC media player 1.1.10 VideoLAN 20.06.2011 1.1.10 Gruß hbergmann |
|
22.03.2012, 09:39
| #2 | ||||
| /// Helfer-Team    |  Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\hedu\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
:Files
C:\Users\hedu\AppData\Local\Skype\SkypePM.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
3. erneut einen Scan mit OTL:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
22.03.2012, 17:00
| #3 |
| |  Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Hallo Kira,
__________________vielen Dank für deine Zeit und dein Know-How. Ich freue mich auf die Zusammenarbeit. Zu 1.) Fixen mit OTL -> Hier das Log Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\hedu\AppData\Local\Skype\SkypePM.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\hedu\AppData\Local\Skype\SkypePM.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\hedu\Desktop\cmd.bat deleted successfully.
C:\Users\hedu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: hedu
->Temp folder emptied: 559157585 bytes
->Temporary Internet Files folder emptied: 241974998 bytes
->Java cache emptied: 1351588 bytes
->FireFox cache emptied: 59787996 bytes
->Apple Safari cache emptied: 2091008 bytes
->Flash cache emptied: 3145968 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66171868 bytes
RecycleBin emptied: 194160694 bytes
Total Files Cleaned = 1.076,00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_163321
Files\Folders moved on Reboot...
File\Folder C:\Users\hedu\AppData\Local\Temp\2011-10-14-1193234699_04-RG.PDF not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\nsd_tmp_300.tmp not found!
Registry entries deleted on Reboot...
Code:
ATTFilter 7-Zip 9.20 20.06.2011 @BIOS GIGABYTE 20.06.2011 2.11 Acrobat.com Adobe Systems Incorporated 21.06.2011 1.2.443 Adobe AIR Adobe Systems Incorporated 06.09.2011 2.7.1.19610 Adobe Creative Suite 4 Design Standard Adobe Systems Incorporated 21.06.2011 4.398MB 4.0 Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 21.06.2011 1,96MB 10.0.2.54 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.02.2012 6,00MB 11.1.102.62 Adobe Media Player Adobe Systems Incorporated 21.06.2011 1.1 Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 18.01.2012 120,8MB 10.1.2 Apple Application Support Apple Inc. 18.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 18.03.2012 24,4MB 5.1.1.4 Apple Software Update Apple Inc. 31.12.2011 2,38MB 2.1.3.127 AudibleManager Audible, Inc. 18.03.2012 1999067760.48.56.22678898 AutoGreen B10.1021.1 GIGABYTE 20.06.2011 4,77MB 1.00.0000 Avira AntiVir Personal - Free Antivirus Avira GmbH 13.02.2012 74,3MB 10.2.0.707 Bonjour Apple Inc. 31.12.2011 1,02MB 3.0.0.10 CCleaner Piriform 20.03.2012 3.16 CDBurnerXP CDBurnerXP 21.02.2012 17,9MB 4.4.0.2905 DES 2.0 Gigabyte 20.06.2011 1.00.0000 DivX Codec DivX, Inc. 26.06.2011 6.6.1 Easy Tune 6 B11.0323.1 GIGABYTE 20.06.2011 33,0MB 1.00.0000 EPSON TWAIN 5 SEIKO EPSON Corp. 21.06.2011 5.71.0000 Etron USB3.0 Host Controller Etron Technology 20.06.2011 5,19MB 0.98 Evernote v. 4.5 Evernote Corp. 19.01.2012 149,7MB 4.5.0.5229 EXPERTool 7.18 Gainward Co., Ltd 20.06.2011 11,2MB FileZilla Client 3.5.0 22.06.2011 3.5.0 Fragen-Lern-CD 4.1 Wendel-Verlag GmbH 10.07.2011 4.1.0 Free Download Manager 3.0 FreeDownloadManager.ORG 21.06.2011 Free FLV Converter V 7.3.0 Koyote Soft 24.01.2012 16,1MB 7.3.0.0 Free YouTube to MP3 Converter version 3.10.6.727 DVDVideoSoft Limited. 07.08.2011 44,9MB HP LaserJet Professional CM1410 Series Hewlett-Packard 04.01.2012 HP LJ CM1410 MFP Series HP Scan Hewlett-Packard Co. 04.01.2012 12,5MB 1.0.302.0 HP Update Hewlett-Packard 04.01.2012 2,97MB 5.002.006.003 HPLaserJetHelp_LearnCenter Hewlett-Packard 04.01.2012 11,5MB 1.03.0000 I.R.I.S. OCR HP 04.01.2012 69,0MB 12.3.4.0 iCloud Apple Inc. 18.03.2012 24,3MB 1.1.0.40 Intel(R) Control Center Intel Corporation 21.06.2011 1.2.1.1007 Intel(R) Management Engine Components Intel Corporation 21.06.2011 7.0.0.1118 iTunes Apple Inc. 18.03.2012 157,4MB 10.6.0.40 Java(TM) 6 Update 29 Oracle 27.07.2011 94,9MB 6.0.290 LinuxLive USB Creator Thibaut Lauziere 28.02.2012 2.8 Logitech Webcam Software Logitech Inc. 25.08.2011 43,9MB 12.10.1113 Lotus Notes 8.5.3 de IBM 29.02.2012 600MB 8.53.11283 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 20.03.2012 17,3MB 1.60.1.1000 Marketsplash Shortcuts Hewlett-Packard 04.01.2012 0,29MB 1.0.0.9 McAfee Security Scan Plus McAfee, Inc. 30.01.2012 8,30MB 2.0.181.2 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.06.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.06.2011 2,94MB 4.0.30319 Microsoft IntelliPoint 8.1 Microsoft 24.06.2011 8.15.406.0 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 21.06.2011 12.0.6425.1000 Microsoft Silverlight Microsoft Corporation 15.02.2012 80,4MB 4.1.10111.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.06.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,59MB 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 de) Mozilla 18.02.2012 35,5MB 10.0.2 Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 18.02.2012 38,7MB 10.0.2 NVIDIA 3D Vision Treiber 267.60 NVIDIA Corporation 20.06.2011 267.60 NVIDIA Grafiktreiber 267.60 NVIDIA Corporation 20.06.2011 267.60 NVIDIA HD-Audiotreiber 1.2.22.1 NVIDIA Corporation 20.06.2011 1.2.22.1 NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 20.06.2011 9.10.0514 ON_OFF Charge B11.0110.1 GIGABYTE 20.06.2011 1.00.0001 QuickTime Apple Inc. 18.03.2012 73,3MB 7.71.80.42 Realtek Ethernet Controller Driver Realtek 20.06.2011 7.38.113.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20.06.2011 6.0.1.6307 Safari Apple Inc. 18.03.2012 104,3MB 5.34.54.16 Skype™ 5.5 Skype Technologies S.A. 18.11.2011 17,1MB 5.5.124 Smart 6 B10.1221.1 GIGABYTE 20.06.2011 1.00.0000 SopCast 3.4.0 www.sopcast.com 15.10.2011 3.4.0 Spyware Terminator 2012 Crawler.com 20.03.2012 18,9MB 3.0.0.61 TeraCopy 2.27 Code Sector 18.03.2012 5,49MB TVCenter PCTV Systems 26.06.2011 160,5MB 6.3.0.584 UltraEdit IDM Computer Solutions, Inc. 08.01.2012 48,3MB 17.30.1014 Untis 2011 Gruber & Petters 21.08.2011 VLC media player 1.1.10 VideoLAN 20.06.2011 1.1.10 OTL.Txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2012 16:41:08 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 60,54% Memory free 6,98 Gb Paging File | 5,50 Gb Available in Paging File | 78,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 205,08 Gb Total Space | 152,89 Gb Free Space | 74,55% Space Free | Partition Type: NTFS Drive D: | 507,81 Gb Total Space | 499,30 Gb Free Space | 98,32% Space Free | Partition Type: NTFS Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC2011 | User Name: hedu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe PRC - [2012.03.01 00:09:32 | 011,296,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.20 06:47:06 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2012.02.20 06:47:00 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\SUService.exe PRC - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe PRC - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe PRC - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\nsd.exe PRC - [2011.08.08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe PRC - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.04.13 14:02:34 | 000,412,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\dpupdchk.exe PRC - [2011.03.11 16:26:02 | 002,265,416 | ---- | M] (Gainward Co.) -- C:\Programme\EXPERTool\TBPANEL.exe PRC - [2011.03.08 12:18:04 | 000,804,968 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2010.10.25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2010.08.24 13:35:02 | 002,459,192 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe PRC - [2010.08.12 13:38:58 | 001,841,504 | ---- | M] (Gigabyte Technology CO.) -- C:\Programme\GIGABYTE\SMART6\Recovery\RPMDaemon.exe PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe PRC - [2010.04.22 14:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\AlarmClock.exe PRC - [2010.01.22 14:27:22 | 000,746,768 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.06.12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.03.01 00:09:31 | 000,967,168 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll MOD - [2012.03.01 00:09:26 | 000,163,840 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll MOD - [2012.03.01 00:09:19 | 000,139,264 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll MOD - [2012.02.16 03:30:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012.02.16 03:24:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll MOD - [2012.02.16 03:24:27 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012.02.16 03:24:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 03:24:08 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012.02.16 03:24:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 03:24:02 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll MOD - [2012.02.16 03:24:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 03:23:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 03:23:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 03:23:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 03:23:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Programme\TeraCopy\TeraCopyExt.dll MOD - [2011.10.14 02:21:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.21 21:47:53 | 000,131,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SHDocVw\1.1.0.0__1b4e890f49261012\SHDocVw.dll MOD - [2011.06.21 21:47:53 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_32\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll MOD - [2011.06.14 16:10:00 | 000,107,008 | ---- | M] () -- C:\Programme\IDM Computer Solutions\UltraEdit\ue32ctmn.dll MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll MOD - [2010.10.25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll MOD - [2010.03.05 04:56:02 | 001,720,320 | ---- | M] () -- C:\Programme\Free Download Manager\fdmbtsupp.dll MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2009.07.14 09:49:33 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.07.14 09:49:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Programme\Free Download Manager\iefdm2.dll MOD - [2007.12.06 04:50:44 | 000,401,408 | ---- | M] () -- C:\Programme\Free Download Manager\FUM\fumcore.dll MOD - [2007.01.31 09:56:56 | 000,032,768 | ---- | M] () -- C:\Programme\EXPERTool\TBPanelExt.dll MOD - [1998.10.31 09:55:56 | 000,005,120 | ---- | M] () -- C:\Programme\EXPERTool\TBMANAGE.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.02.20 06:47:06 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\SUService.exe -- (LNSUSvc) SRV - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.22 20:20:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.03.22 16:36:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.29 14:34:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 14:34:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.21 21:50:28 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2011.04.12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011.03.18 05:00:32 | 010,508,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.18 05:00:32 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.07 10:22:00 | 000,052,992 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI) DRV - [2011.03.07 10:22:00 | 000,033,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3) DRV - [2011.01.10 17:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010.12.07 08:30:39 | 000,021,528 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcfaxio.sys -- (HPFXFAX) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.03 05:09:14 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM) DRV - [2010.09.21 08:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.07 05:51:56 | 000,115,848 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AbilisBdaTuner.sys -- (AbilisT) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2008.02.29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.03.16 09:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A E2 7F 35 DC AD CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google " FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.heise.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.19 22:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions [2011.08.08 09:27:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.19 22:59:55 | 000,002,126 | ---- | M] () -- C:\Users\hedu\AppData\Roaming\Mozilla\Firefox\Profiles\40udxu6l.default\searchplugins\google-.xml [2012.01.09 07:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI [2012.02.19 03:25:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.04 16:54:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.04 16:54:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.04 16:54:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.04 16:54:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.04 16:54:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.04 16:54:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [NotesSODCPreLoad] C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe () O4 - HKCU..\Run: [StrmServer.exe] C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe (PCTV Systems S.à r.l.) O4 - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EF8236-A467-4F60-8622-5CEAF41F4E74}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCBF602-0646-4FB5-B9E8-97F20F6CCD9C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.22 16:33:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.22 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.03.22 00:00:14 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2012.03.21 22:53:43 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Spyware Terminator [2012.03.21 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2012.03.21 22:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.21 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\malware_logs [2012.03.21 19:19:46 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.21 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Malwarebytes [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 17:55:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.20 03:35:19 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Avira [2012.03.19 22:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012.03.19 22:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.19 22:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.19 22:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.19 22:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.03.19 22:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.03.19 22:11:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.19 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Audible [2012.03.19 21:32:22 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager [2012.03.19 21:32:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2012.03.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\hedu\Documents\Audible [2012.03.19 21:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audible [2012.03.19 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2012.03.19 19:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2012.03.19 19:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy [2012.03.14 03:00:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.03.14 03:00:49 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.14 02:04:56 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 02:04:55 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 02:03:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.14 02:03:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 02:03:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 02:03:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.01 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\hedu\My Documents [2012.03.01 00:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Anwendungen [2012.03.01 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\IBM [2012.02.29 00:41:01 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator [2012.02.29 00:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\LinuxLive USB Creator ========== Files - Modified Within 30 Days ========== [2012.03.22 16:39:59 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.22 16:39:59 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.22 16:39:59 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.22 16:39:59 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.22 16:36:14 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.03.22 16:36:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012.03.22 16:35:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.22 16:35:32 | 2811,584,512 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 16:34:38 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 16:34:37 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 00:08:50 | 000,000,000 | ---- | M] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:12 | 000,076,575 | ---- | M] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.22 00:00:17 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 23:58:28 | 000,050,477 | ---- | M] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:53:43 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.03.21 22:31:05 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 17:55:19 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 17:35:55 | 000,089,088 | ---- | M] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.19 22:19:42 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:18:11 | 000,002,134 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.03.19 22:17:39 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | M] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 21:32:22 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 19:18:05 | 000,000,972 | ---- | M] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.14 03:18:57 | 002,239,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.11 11:00:41 | 000,083,620 | ---- | M] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 17:34:31 | 000,000,600 | ---- | M] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2012.03.01 00:10:34 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | M] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:03 | 014,104,964 | ---- | M] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar [2012.02.22 06:51:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.03.22 00:08:50 | 000,000,000 | ---- | C] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:11 | 000,076,575 | ---- | C] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.21 23:58:27 | 000,050,477 | ---- | C] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:53:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.03.21 22:53:43 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.03.21 22:31:05 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 19:20:03 | 000,089,088 | ---- | C] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 19:19:57 | 000,286,208 | ---- | C] () -- C:\Users\hedu\Desktop\gmer.exe [2012.03.21 17:55:19 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.19 22:19:42 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.03.19 22:19:42 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:17:39 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | C] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 19:18:05 | 000,000,972 | ---- | C] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.11 11:00:41 | 000,083,620 | ---- | C] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 00:10:34 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | C] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:02 | 014,104,964 | ---- | C] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar [2012.01.05 18:36:19 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2012.01.05 18:36:19 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini [2011.11.07 19:50:21 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.07.26 18:36:38 | 000,000,600 | ---- | C] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2011.06.25 09:49:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.21 23:26:05 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE [2011.06.21 21:50:28 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011.06.21 21:46:04 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2011.06.21 21:46:04 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2011.06.21 21:45:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2011.06.21 21:44:45 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.06.21 21:42:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.18 05:00:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini ========== LOP Check ========== [2011.08.12 09:27:32 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Canneverbe Limited [2011.07.11 19:25:41 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.08 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoft [2011.08.08 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.01 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\EPSON [2012.03.11 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FileZilla [2012.03.22 16:42:15 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Free Download Manager [2012.01.31 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FreeFLVConverter [2011.08.22 15:32:37 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\gp-Untis [2011.08.26 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Leadertech [2012.03.21 22:53:43 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Spyware Terminator [2012.03.19 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2011.06.21 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Thunderbird [2011.12.15 03:19:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extra.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2012 16:41:08 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 60,54% Memory free
6,98 Gb Paging File | 5,50 Gb Available in Paging File | 78,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,08 Gb Total Space | 152,89 Gb Free Space | 74,55% Space Free | Partition Type: NTFS
Drive D: | 507,81 Gb Total Space | 499,30 Gb Free Space | 98,32% Space Free | Partition Type: NTFS
Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PC2011 | User Name: hedu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0D888F5-B8E9-D6BC-6309-35671E22649F}" = Fragen-Lern-CD 4.1
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.60
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1AB1809-3DAC-4B67-ABD1-5F9286AA6DE3}" = Lotus Notes 8.5.3 de
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.1
"FileZilla Client" = FileZilla Client 3.5.0
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MySSID_is1" = EXPERTool 7.18
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.4.0
"TeraCopy_is1" = TeraCopy 2.27
"Untis 2011" = Untis 2011
"VLC media player" = VLC media player 1.1.10
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.03.2012 14:21:07 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 21.03.2012 18:30:28 | Computer Name = PC2011 | Source = VSS | ID = 8194
Description =
Error - 21.03.2012 18:51:38 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 21.03.2012 19:08:45 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 21.03.2012 19:27:48 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 22.03.2012 11:09:23 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 22.03.2012 11:25:48 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 22.03.2012 11:33:10 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 22.03.2012 11:33:24 | Computer Name = PC2011 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: st_rsser.exe, Version: 3.0.0.36,
Zeitstempel: 0x4e7afd9c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000303a2 ID des fehlerhaften
Prozesses: 0x778 Startzeit der fehlerhaften Anwendung: 0x01cd0840c4d66c1c Pfad der
fehlerhaften Anwendung: C:\Program Files\Spyware Terminator\st_rsser.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5c1edebf-7434-11e1-b47a-50e54938dbc1
Error - 22.03.2012 11:37:55 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
[ System Events ]
Error - 15.12.2011 12:00:44 | Computer Name = PC2011 | Source = bowser | ID = 8003
Description =
Error - 05.02.2012 09:25:08 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.02.2012 20:15:26 | Computer Name = PC2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 28.02.2012 20:15:26 | Computer Name = PC2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 28.02.2012 20:15:27 | Computer Name = PC2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 29.02.2012 19:06:21 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lotus Notes-Diagnose" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 29.02.2012 19:06:22 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lotus Notes Smart Upgrade Service " ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 29.02.2012 19:06:22 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Multi-user Cleanup Service" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 19.03.2012 17:15:32 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 19.03.2012 22:24:47 | Computer Name = PC2011 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?03.?2012 um 03:22:07 unerwartet heruntergefahren.
< End of report >
Alle Scans liefen problemlos und wurden im normalen Modus ausgeführt. Zum Posten der Logs gehe ich im abgesicherten Modus online - da geht es. LG hbergmann |
|
23.03.2012, 06:34
| #4 | |
| /// Helfer-Team | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." 1. Deinstalliere: Zitat:
2. Java aktualisieren- über Systemsteuerung-> Nach Update suchen... oder: Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 3. reinige dein System mit CCleaner:
4.
5. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 6. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 7. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
24.03.2012, 01:47
| #5 |
| | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Hallo kira, habe die Anweisungen Schritt für Schritt ausgeführt.. zu 1.: Spyware Terminator mit CCleaner deinstalliert. Das mit der Adware hatte mich eigentlich nicht so gestört, da er auf Chip-Online weit bessere Empfehlungen und Bewertungen erhalten hatte, als Malwarebytes Produkt, aber möglicherweise bin ich mir der Gefahren durch Adware nicht bewusst genug. zu 2.: Java aktualisiert. Download noch im abgesicherten Modus gemacht. Im normalen Modus ohne Netzverbindung installiert. zu 3.: Mit CCleaner System nach deinen Anweisungen bereinigt. zu 4.: Superantispyware installiert und Anweisungen ausgeführt, obwohl die Menuführung anders ist, als die von dir angewiesene. Musste ein wenig schauen, aber es ging. Hier das Protokoll: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/23/2012 at 08:33 AM
Application Version : 5.0.1146
Core Rules Database Version : 8371
Trace Rules Database Version: 6183
Scan type : Complete Scan
Total Scan Time : 00:40:41
Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 879
Memory threats detected : 0
Registry items scanned : 35164
Registry threats detected : 0
File items scanned : 116399
File threats detected : 2
Trojan.Agent/Gen-Frauder
D:\DOWNLOADS\PCWWIN7PE-R2\PCWWIN7PE\TOOLS\WIN7PE-R2\PROJECTS\TOOLS\DRV_INDEX.EXE
Trojan.Agent/Gen-Autorun[Swisyn]
D:\DOWNLOADS\PCWWIN7PE-R2\PCWWIN7PE\TOOLS\WIN7PE-R2\PROJECTS\TOOLS\INNOUNP.EXE
Ich benutze keine Sticks und externen Festplatten mehr - alles in der Cloud. Die Platte, auf der ich vor einem halben Jahr ein Systembackup nach Neuinstallation gemacht habe, habe ich leider nicht mehr. zu 6.: Also habe ich todesmutig im normalen Modus den Drahtlosadapter aktiviert um den Online-Scan durchzuführen. Siehe da, erstes Erfolgserlebnis: kein Blackscreen mehr!! Eset-Scan mit Firefox durchgeführt: Code:
ATTFilter C:\_OTL\MovedFiles\03222012_163321\C_Users\hedu\AppData\Local\Skype\SkypePM.exe Win32/LockScreen.AIG trojan cleaned by deleting - quarantined
D:\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\software\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application deleted - quarantined
zu 7.: OTL-Scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2012 01:11:23 - Run 3 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 59,86% Memory free 6,98 Gb Paging File | 5,51 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 205,08 Gb Total Space | 151,71 Gb Free Space | 73,98% Space Free | Partition Type: NTFS Drive D: | 507,81 Gb Total Space | 499,31 Gb Free Space | 98,33% Space Free | Partition Type: NTFS Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC2011 | User Name: hedu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe PRC - [2012.03.01 00:09:32 | 011,296,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\SUService.exe PRC - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe PRC - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe PRC - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\nsd.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.08.08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe PRC - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.04.13 14:02:34 | 000,412,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\dpupdchk.exe PRC - [2011.03.11 16:26:02 | 002,265,416 | ---- | M] (Gainward Co.) -- C:\Programme\EXPERTool\TBPANEL.exe PRC - [2011.03.08 12:18:04 | 000,804,968 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2010.10.25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2010.08.24 13:35:02 | 002,459,192 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe PRC - [2010.08.12 13:38:58 | 001,841,504 | ---- | M] (Gigabyte Technology CO.) -- C:\Programme\GIGABYTE\SMART6\Recovery\RPMDaemon.exe PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe PRC - [2010.04.22 14:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\AlarmClock.exe PRC - [2010.01.22 14:27:22 | 000,746,768 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.07.14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe PRC - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.03.01 00:09:31 | 000,967,168 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll MOD - [2012.03.01 00:09:26 | 000,163,840 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll MOD - [2012.03.01 00:09:19 | 000,139,264 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll MOD - [2012.02.16 03:30:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012.02.16 03:24:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll MOD - [2012.02.16 03:24:27 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012.02.16 03:24:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 03:24:08 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012.02.16 03:24:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 03:24:02 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll MOD - [2012.02.16 03:24:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 03:23:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 03:23:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 03:23:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 03:23:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Programme\TeraCopy\TeraCopyExt.dll MOD - [2011.10.14 02:21:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.21 21:47:53 | 000,131,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SHDocVw\1.1.0.0__1b4e890f49261012\SHDocVw.dll MOD - [2011.06.21 21:47:53 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_32\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll MOD - [2011.06.14 16:10:00 | 000,107,008 | ---- | M] () -- C:\Programme\IDM Computer Solutions\UltraEdit\ue32ctmn.dll MOD - [2011.05.22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll MOD - [2010.10.25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll MOD - [2010.03.05 04:56:02 | 001,720,320 | ---- | M] () -- C:\Programme\Free Download Manager\fdmbtsupp.dll MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2009.07.14 09:49:33 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.07.14 09:49:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Programme\Free Download Manager\iefdm2.dll MOD - [2007.12.06 04:50:44 | 000,401,408 | ---- | M] () -- C:\Programme\Free Download Manager\FUM\fumcore.dll MOD - [1998.10.31 09:55:56 | 000,005,120 | ---- | M] () -- C:\Programme\EXPERTool\TBMANAGE.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\SUService.exe -- (LNSUSvc) SRV - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.22 20:20:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.03.23 12:23:49 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.06.29 14:34:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 14:34:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.21 21:50:28 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011.04.12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011.03.18 05:00:32 | 010,508,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.18 05:00:32 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.07 10:22:00 | 000,052,992 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI) DRV - [2011.03.07 10:22:00 | 000,033,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3) DRV - [2011.01.10 17:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010.12.07 08:30:39 | 000,021,528 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcfaxio.sys -- (HPFXFAX) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.03 05:09:14 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM) DRV - [2010.09.21 08:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.07 05:51:56 | 000,115,848 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AbilisBdaTuner.sys -- (AbilisT) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2008.02.29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.03.16 09:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 AC 32 FA E7 08 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google " FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.heise.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.23 12:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions [2011.08.08 09:27:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.23 12:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions\staged [2012.01.19 22:59:55 | 000,002,126 | ---- | M] () -- C:\Users\hedu\AppData\Roaming\Mozilla\Firefox\Profiles\40udxu6l.default\searchplugins\google-.xml [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI [2012.02.19 03:25:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.04 16:54:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.04 16:54:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.04 16:54:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.04 16:54:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.04 16:54:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.04 16:54:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [NotesSODCPreLoad] C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe () O4 - HKCU..\Run: [StrmServer.exe] C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe (PCTV Systems S.à r.l.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EF8236-A467-4F60-8622-5CEAF41F4E74}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCBF602-0646-4FB5-B9E8-97F20F6CCD9C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.23 12:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.23 07:44:47 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\SUPERAntiSpyware.com [2012.03.23 07:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.23 07:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.03.23 07:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.23 07:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.23 07:36:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.23 07:36:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.23 07:36:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.22 16:33:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.22 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.03.22 00:00:14 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.21 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\malware_logs [2012.03.21 19:19:46 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.21 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Malwarebytes [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 17:55:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.20 03:35:19 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Avira [2012.03.19 22:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012.03.19 22:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.19 22:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.19 22:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.19 22:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.03.19 22:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.03.19 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Audible [2012.03.19 21:32:22 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager [2012.03.19 21:32:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2012.03.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\hedu\Documents\Audible [2012.03.19 21:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audible [2012.03.19 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2012.03.19 19:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2012.03.19 19:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy [2012.03.14 03:00:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.03.14 03:00:49 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.14 02:04:56 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 02:04:55 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 02:03:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.14 02:03:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 02:03:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 02:03:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.01 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\hedu\My Documents [2012.03.01 00:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Anwendungen [2012.03.01 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\IBM [2012.02.29 00:41:01 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator [2012.02.29 00:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\LinuxLive USB Creator ========== Files - Modified Within 30 Days ========== [2012.03.24 00:25:42 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 00:25:42 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.23 12:30:28 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.23 12:30:28 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.23 12:30:28 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.23 12:30:28 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.23 12:23:54 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.03.23 12:23:49 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012.03.23 12:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.23 12:23:19 | 2811,584,512 | -HS- | M] () -- C:\hiberfil.sys [2012.03.23 07:43:21 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 07:36:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.03.23 07:36:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.23 07:36:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.23 07:36:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.22 00:08:50 | 000,000,000 | ---- | M] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:12 | 000,076,575 | ---- | M] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.22 00:00:17 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 23:58:28 | 000,050,477 | ---- | M] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:31:05 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 17:55:19 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 17:35:55 | 000,089,088 | ---- | M] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.19 22:19:42 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:18:11 | 000,002,134 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.03.19 22:17:39 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | M] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 21:32:22 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 19:18:05 | 000,000,972 | ---- | M] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.14 03:18:57 | 002,239,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.11 11:00:41 | 000,083,620 | ---- | M] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 17:34:31 | 000,000,600 | ---- | M] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2012.03.01 00:10:34 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | M] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:03 | 014,104,964 | ---- | M] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar ========== Files Created - No Company Name ========== [2012.03.23 07:43:21 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.22 00:08:50 | 000,000,000 | ---- | C] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:11 | 000,076,575 | ---- | C] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.21 23:58:27 | 000,050,477 | ---- | C] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:53:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.03.21 22:31:05 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 19:20:03 | 000,089,088 | ---- | C] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 19:19:57 | 000,286,208 | ---- | C] () -- C:\Users\hedu\Desktop\gmer.exe [2012.03.21 17:55:19 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.19 22:19:42 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.03.19 22:19:42 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:17:39 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | C] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 19:18:05 | 000,000,972 | ---- | C] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.11 11:00:41 | 000,083,620 | ---- | C] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 00:10:34 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | C] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:02 | 014,104,964 | ---- | C] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar [2012.01.05 18:36:19 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2012.01.05 18:36:19 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini [2011.11.07 19:50:21 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.07.26 18:36:38 | 000,000,600 | ---- | C] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2011.06.25 09:49:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.21 23:26:05 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE [2011.06.21 21:50:28 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011.06.21 21:46:04 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2011.06.21 21:46:04 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2011.06.21 21:45:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2011.06.21 21:44:45 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.06.21 21:42:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.18 05:00:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini ========== LOP Check ========== [2011.08.12 09:27:32 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Canneverbe Limited [2011.07.11 19:25:41 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.08 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoft [2011.08.08 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.01 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\EPSON [2012.03.11 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FileZilla [2012.03.24 01:10:36 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Free Download Manager [2012.01.31 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FreeFLVConverter [2011.08.22 15:32:37 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\gp-Untis [2011.08.26 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Leadertech [2012.03.19 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2011.06.21 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Thunderbird [2011.12.15 03:19:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2012 01:11:23 - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 59,86% Memory free
6,98 Gb Paging File | 5,51 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,08 Gb Total Space | 151,71 Gb Free Space | 73,98% Space Free | Partition Type: NTFS
Drive D: | 507,81 Gb Total Space | 499,31 Gb Free Space | 98,33% Space Free | Partition Type: NTFS
Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PC2011 | User Name: hedu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0D888F5-B8E9-D6BC-6309-35671E22649F}" = Fragen-Lern-CD 4.1
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.60
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1AB1809-3DAC-4B67-ABD1-5F9286AA6DE3}" = Lotus Notes 8.5.3 de
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.1
"FileZilla Client" = FileZilla Client 3.5.0
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MySSID_is1" = EXPERTool 7.18
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.4.0
"TeraCopy_is1" = TeraCopy 2.27
"Untis 2011" = Untis 2011
"VLC media player" = VLC media player 1.1.10
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.03.2012 11:48:46 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 22.03.2012 11:51:22 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 22.03.2012 12:10:04 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 02:23:34 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 23.03.2012 02:26:22 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 23.03.2012 02:37:25 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 02:44:10 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 02:47:14 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 23.03.2012 02:52:08 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 07:25:43 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
[ System Events ]
Error - 28.02.2012 20:15:26 | Computer Name = PC2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 28.02.2012 20:15:27 | Computer Name = PC2011 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 29.02.2012 19:06:21 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lotus Notes-Diagnose" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 29.02.2012 19:06:22 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lotus Notes Smart Upgrade Service " ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 29.02.2012 19:06:22 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Multi-user Cleanup Service" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 19.03.2012 17:15:32 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 19.03.2012 22:24:47 | Computer Name = PC2011 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?03.?2012 um 03:22:07 unerwartet heruntergefahren.
Error - 21.03.2012 18:51:37 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AppleCharger avipbb discache spldr sp_rsdrv2 ssmdrv Wanarpv6
Error - 21.03.2012 18:51:42 | Computer Name = PC2011 | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 18:51:43 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Zur Zeit scheint alles normal zu laufen. Es gibt keine Fake-Fehlermeldung mehr. |
|
24.03.2012, 09:13
| #6 | |||
| /// Helfer-Team | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.."Zitat:
1 AV-Scanner und die Win Firewall reicht aus. Gegen starke Viren, die heutzutage unterwegs sind, leider bieten extra installierte Tools/Programme auch nicht mehr Schutz! Belasten das System nur... Zitat:
nur beim "Notfall" wende dich an CCleaner 1. Gehe in den abgesicherten Modus ♦ Drücke bevor das Windows-Logo erscheint, mehrmals die F8-Taste. ♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus. 2. Zitat:
Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2011.10.04 16:54:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 16:54:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. starte im normalen Modus jetzt auf 4. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ --> Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." |
|
25.03.2012, 13:53
| #7 |
| |  Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Hallo Kira, hier jetzt die Logs: 1. nach dem OTL-Fix im abgesicherten Modus: Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\hedu\Desktop\cmd.bat deleted successfully.
C:\Users\hedu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: hedu
->Temp folder emptied: 202432 bytes
->Temporary Internet Files folder emptied: 7842448 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49933283 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 554 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 55,00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03242012_110749
Files\Folders moved on Reboot...
File\Folder C:\Users\hedu\AppData\Local\Temp\2011-10-14-1193234699_04-RG.PDF not found!
Registry entries deleted on Reboot...
OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2012 11:24:32 - Run 4 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 64,13% Memory free 6,98 Gb Paging File | 5,50 Gb Available in Paging File | 78,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 205,08 Gb Total Space | 151,76 Gb Free Space | 74,00% Space Free | Partition Type: NTFS Drive D: | 507,81 Gb Total Space | 499,31 Gb Free Space | 98,33% Space Free | Partition Type: NTFS Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC2011 | User Name: hedu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe PRC - [2012.03.07 22:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.03.01 00:09:32 | 011,296,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\SUService.exe PRC - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe PRC - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe PRC - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Programme\IBM\Lotus\Notes\nsd.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.08.08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe PRC - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.04.13 14:02:34 | 000,412,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\dpupdchk.exe PRC - [2011.03.11 16:26:02 | 002,265,416 | ---- | M] (Gainward Co.) -- C:\Programme\EXPERTool\TBPANEL.exe PRC - [2011.03.08 12:18:04 | 000,804,968 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2010.10.25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2010.08.24 13:35:02 | 002,459,192 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe PRC - [2010.08.12 13:38:58 | 001,841,504 | ---- | M] (Gigabyte Technology CO.) -- C:\Programme\GIGABYTE\SMART6\Recovery\RPMDaemon.exe PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe PRC - [2010.04.22 14:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\AlarmClock.exe PRC - [2010.01.22 14:27:22 | 000,746,768 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.06.12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.03.24 11:22:08 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.03.24 11:22:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.03.23 07:44:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.03.23 07:44:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.03.01 00:09:31 | 000,967,168 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll MOD - [2012.03.01 00:09:26 | 000,163,840 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll MOD - [2012.03.01 00:09:19 | 000,139,264 | ---- | M] () -- C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll MOD - [2012.02.16 03:30:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012.02.16 03:24:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll MOD - [2012.02.16 03:24:27 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012.02.16 03:24:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 03:24:08 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012.02.16 03:24:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 03:24:02 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll MOD - [2012.02.16 03:24:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 03:23:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 03:23:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 03:23:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 03:23:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Programme\TeraCopy\TeraCopyExt.dll MOD - [2011.10.14 02:21:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.14 16:10:00 | 000,107,008 | ---- | M] () -- C:\Programme\IDM Computer Solutions\UltraEdit\ue32ctmn.dll MOD - [2011.05.22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll MOD - [2010.10.25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll MOD - [2010.03.05 04:56:02 | 001,720,320 | ---- | M] () -- C:\Programme\Free Download Manager\fdmbtsupp.dll MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2009.07.14 09:49:33 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.07.14 09:49:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Programme\Free Download Manager\iefdm2.dll MOD - [2007.12.06 04:50:44 | 000,401,408 | ---- | M] () -- C:\Programme\Free Download Manager\FUM\fumcore.dll MOD - [1998.10.31 09:55:56 | 000,005,120 | ---- | M] () -- C:\Programme\EXPERTool\TBMANAGE.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\SUService.exe -- (LNSUSvc) SRV - [2011.09.16 08:29:18 | 000,071,048 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011.09.16 08:28:42 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.06.29 14:34:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.22 20:20:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.08 12:05:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.10.13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Programme\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.17 15:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.03.24 11:21:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.06.29 14:34:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 14:34:12 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.21 21:50:28 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011.04.12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011.03.18 05:00:32 | 010,508,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.18 05:00:32 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.07 10:22:00 | 000,052,992 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI) DRV - [2011.03.07 10:22:00 | 000,033,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3) DRV - [2011.01.10 17:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010.12.07 08:30:39 | 000,021,528 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcfaxio.sys -- (HPFXFAX) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.03 05:09:14 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM) DRV - [2010.09.21 08:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.07 05:51:56 | 000,115,848 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AbilisBdaTuner.sys -- (AbilisT) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2008.02.29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.03.16 09:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 AC 32 FA E7 08 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google " FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.heise.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 22:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions [2011.06.21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.24 01:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions [2011.08.08 09:27:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hedu\AppData\Roaming\mozilla\Firefox\Profiles\40udxu6l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.19 22:59:55 | 000,002,126 | ---- | M] () -- C:\Users\hedu\AppData\Roaming\Mozilla\Firefox\Profiles\40udxu6l.default\searchplugins\google-.xml [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.23 07:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI () (No name found) -- C:\USERS\HEDU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40UDXU6L.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI [2012.02.19 03:25:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.04 16:54:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.04 16:54:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.04 16:54:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.04 16:54:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [NotesSODCPreLoad] C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe () O4 - HKCU..\Run: [StrmServer.exe] C:\Programme\Common Files\PCTV Systems\StreamingServer\StrmServer.exe (PCTV Systems S.à r.l.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCBF602-0646-4FB5-B9E8-97F20F6CCD9C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.23 07:44:47 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\SUPERAntiSpyware.com [2012.03.23 07:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.23 07:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.03.23 07:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.23 07:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.23 07:36:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.23 07:36:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.23 07:36:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.22 16:33:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.22 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.03.22 00:00:14 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.21 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.21 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\hedu\Desktop\malware_logs [2012.03.21 19:19:46 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.21 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Malwarebytes [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.21 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 17:55:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.20 03:35:19 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Avira [2012.03.19 22:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012.03.19 22:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.19 22:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.19 22:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.19 22:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.03.19 22:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.03.19 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Audible [2012.03.19 21:32:22 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager [2012.03.19 21:32:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2012.03.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\hedu\Documents\Audible [2012.03.19 21:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audible [2012.03.19 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2012.03.19 19:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2012.03.19 19:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy [2012.03.14 03:00:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.03.14 03:00:49 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.14 02:04:56 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 02:04:55 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 02:03:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.14 02:03:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 02:03:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 02:03:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.01 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\hedu\My Documents [2012.03.01 00:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Anwendungen [2012.03.01 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Local\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lotus [2012.03.01 00:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\IBM [2012.02.29 00:41:01 | 000,000,000 | ---D | C] -- C:\Users\hedu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator [2012.02.29 00:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\LinuxLive USB Creator ========== Files - Modified Within 30 Days ========== [2012.03.24 11:22:04 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.03.24 11:21:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012.03.24 11:21:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.24 11:21:25 | 2811,584,512 | -HS- | M] () -- C:\hiberfil.sys [2012.03.24 11:04:58 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 11:04:58 | 000,017,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 01:59:55 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.24 01:59:55 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.24 01:59:55 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.24 01:59:55 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.23 07:43:21 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 07:36:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.03.23 07:36:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.23 07:36:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.23 07:36:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.22 00:08:50 | 000,000,000 | ---- | M] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:12 | 000,076,575 | ---- | M] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.22 00:00:17 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.scr [2012.03.21 23:59:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\hedu\Desktop\dds.com [2012.03.21 23:58:28 | 000,050,477 | ---- | M] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:31:05 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 17:55:19 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 17:35:55 | 000,089,088 | ---- | M] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 17:22:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hedu\Desktop\OTL.exe [2012.03.19 22:19:42 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:18:11 | 000,002,134 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.03.19 22:17:39 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | M] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 21:32:22 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax [2012.03.19 19:18:05 | 000,000,972 | ---- | M] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.14 03:18:57 | 002,239,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.11 11:00:41 | 000,083,620 | ---- | M] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 17:34:31 | 000,000,600 | ---- | M] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2012.03.01 00:10:34 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | M] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:03 | 014,104,964 | ---- | M] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar ========== Files Created - No Company Name ========== [2012.03.23 07:43:21 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.22 00:08:50 | 000,000,000 | ---- | C] () -- C:\Users\hedu\defogger_reenable [2012.03.22 00:01:11 | 000,076,575 | ---- | C] () -- C:\Users\hedu\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.03.21 23:58:27 | 000,050,477 | ---- | C] () -- C:\Users\hedu\Desktop\Defogger.exe [2012.03.21 22:53:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.03.21 22:31:05 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 19:20:03 | 000,089,088 | ---- | C] () -- C:\Users\hedu\Desktop\mbr.exe [2012.03.21 19:19:57 | 000,286,208 | ---- | C] () -- C:\Users\hedu\Desktop\gmer.exe [2012.03.21 17:55:19 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.19 22:19:42 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.03.19 22:19:42 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.03.19 22:17:39 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.19 22:13:04 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.03.19 22:08:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.19 21:32:26 | 000,001,918 | ---- | C] () -- C:\Users\hedu\Desktop\Audible Manager.lnk [2012.03.19 19:18:05 | 000,000,972 | ---- | C] () -- C:\Users\hedu\Desktop\TeraCopy.lnk [2012.03.11 11:00:41 | 000,083,620 | ---- | C] () -- C:\Users\hedu\Desktop\leb-11.pdf [2012.03.01 00:10:34 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Presentations.lnk [2012.03.01 00:10:34 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Spreadsheets.lnk [2012.03.01 00:10:34 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Notes 8.5.lnk [2012.03.01 00:10:34 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Lotus Symphony Documents.lnk [2012.03.01 00:05:07 | 000,063,741 | ---- | C] () -- C:\Users\hedu\install.xml [2012.02.26 08:07:02 | 014,104,964 | ---- | C] () -- C:\Users\hedu\Desktop\Finns Taufeinladung Email.rar [2012.01.05 18:36:19 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2012.01.05 18:36:19 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini [2011.11.07 19:50:21 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.07.26 18:36:38 | 000,000,600 | ---- | C] () -- C:\Users\hedu\AppData\Local\PUTTY.RND [2011.06.25 09:49:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.21 23:26:05 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE [2011.06.21 21:50:28 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011.06.21 21:46:04 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2011.06.21 21:46:04 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2011.06.21 21:45:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2011.06.21 21:44:45 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.06.21 21:42:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.18 05:00:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini ========== LOP Check ========== [2011.08.12 09:27:32 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Canneverbe Limited [2011.07.11 19:25:41 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.08 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoft [2011.08.08 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.01 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\EPSON [2012.03.11 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FileZilla [2012.03.24 11:25:13 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Free Download Manager [2012.01.31 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\FreeFLVConverter [2011.08.22 15:32:37 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\gp-Untis [2011.08.26 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Leadertech [2012.03.19 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\TeraCopy [2011.06.21 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\hedu\AppData\Roaming\Thunderbird [2011.12.15 03:19:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/code] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2012 11:24:32 - Run 4
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hedu\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 64,13% Memory free
6,98 Gb Paging File | 5,50 Gb Available in Paging File | 78,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,08 Gb Total Space | 151,76 Gb Free Space | 74,00% Space Free | Partition Type: NTFS
Drive D: | 507,81 Gb Total Space | 499,31 Gb Free Space | 98,33% Space Free | Partition Type: NTFS
Drive E: | 684,27 Gb Total Space | 595,67 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive F: | 40,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PC2011 | User Name: hedu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0D888F5-B8E9-D6BC-6309-35671E22649F}" = Fragen-Lern-CD 4.1
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.60
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1AB1809-3DAC-4B67-ABD1-5F9286AA6DE3}" = Lotus Notes 8.5.3 de
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.1
"FileZilla Client" = FileZilla Client 3.5.0
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MySSID_is1" = EXPERTool 7.18
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.4.0
"TeraCopy_is1" = TeraCopy 2.27
"Untis 2011" = Untis 2011
"VLC media player" = VLC media player 1.1.10
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.03.2012 02:52:08 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 07:25:43 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 23.03.2012 20:55:10 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 24.03.2012 05:53:27 | Computer Name = PC2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.03.2012 05:53:27 | Computer Name = PC2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31830866
Error - 24.03.2012 05:53:27 | Computer Name = PC2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31830866
Error - 24.03.2012 06:04:37 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
Error - 24.03.2012 06:06:02 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 24.03.2012 06:09:04 | Computer Name = PC2011 | Source = Lotus Notes Network Provider | ID = 2
Description = Notes Single Logon will not function properly: Service is not available
to accept credentials
Error - 24.03.2012 06:23:49 | Computer Name = PC2011 | Source = Software Protection Platform Service | ID = 12293
Description = Fehler beim Veröffentlichen des Schlüsselverwaltungsdienstes (Key
Management Service, KMS) in DNS in der ""-Domäne. Info: 0x80070057
[ System Events ]
Error - 21.03.2012 18:59:01 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 18:59:01 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 18:59:01 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:01:09 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:01:09 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:01:09 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:04:21 | Computer Name = PC2011 | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 19:04:47 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:04:47 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.03.2012 19:04:47 | Computer Name = PC2011 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
[/code] Es gibt keine augenscheinlichen Probleme mehr. Bin online und es erscheint kein Screen mehr. Da ich Online-Banking mache und viel in der Cloud arbeite, teilweise auch online (über Konsole oder ftp-fähige Editoren) Programme entwickele, frage ich mich jetzt natürlich, ob ich echt sicher bin, aber die Antwort auf diese Frage kenne ich schon  Falls ich mich jetzt also doch entscheide, das System neu aufzusetzen, habe ich folgende Frage: ich habe lediglich eine Festplatte, die ich partitioniert habe. Das System ist auf C: und auf den anderen Partitionen habe ich Daten liegen. Wie wahrscheinlich ist es deiner Einschätzung nach, dass die Daten auf den anderen Partitionen korrumpiert sind und mein System auch nach einer Neuinstallation wieder von selbst befallen wird, weil irgendein residentes Ding sich wieder von den Datenpartitionen im System einnistet? Danke und liebe Grüße hbergmann |
|
26.03.2012, 05:48
| #8 | |
| /// Helfer-Team | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.."Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
26.03.2012, 09:30
| #9 |
| | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Das hatte ich befürchtet. Die Sache ist, dass ich meine komplette itunes-Mediathek da habe, tausende von Bild-Dateien und andere Daten, die ich seit Jahren archiviert habe und zwar nur da... eigentlich ist es gar nicht mnöglich, diese Daten zu löschen. Muss ich also immer mit der Sorge leben, dass ich da etwas mit mir rumschleppe?! Auf jeden Fall danke ich dir erstmal für deine Zeit und Mühe. Die aktuelle Bedrohung scheint ja erstmal gebannt zu sein, oder? Liebe Grüße hbergmann |
|
26.03.2012, 22:25
| #10 | |
| /// Helfer-Team | Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." Online scannen wäre eine gute Option zu prüfen: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.." |
| adapter, antivir, bildschirm, computer, converter, diverse, download, firefox, flash player, help, home, log, malwarebytes, mp3, programme, scan, schädling, security, security scan, software, spyware, trojaner, usb, windows, wlan |
.
Linear-Darstellung
