| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 50€ - Trojaner mal wieder...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.03.2012, 20:26
| #1 |
 |  50€ - Trojaner mal wieder... Hallo, auch ich habe mir den 50€-Trojaner eingefangen. Vorhin wurde mein Bildschirm plötzlich schwarz mit der Meldung "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" und der Aufforderung, 50 € für ein Update zu zahlen. Habe mir bereits im abgesicherten Modus OTL heruntergeladen und einen QuickScan durchgeführt, Logfiles siehe unten. Vielen Dank im Voraus für eure Hilfe. Eike OTL-Logfile: OTL logfile created on: 14.03.2012 20:14:56 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Eike\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 86,34% Memory free 7,59 Gb Paging File | 7,07 Gb Available in Paging File | 93,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 93,71 Gb Free Space | 62,87% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 2,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: EIKE-NOTEBOOK | User Name: Eike | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Eike\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SearchAnonymizer) -- C:\Users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (66671092) -- C:\Windows\SysNative\drivers\66671092.sys (Kaspersky Lab) DRV:64bit: - (setup_9.0.0.722_14.03.2012_06-25drv) -- C:\Windows\SysNative\drivers\6667109.sys (Kaspersky Lab) DRV:64bit: - (66671091) -- C:\Windows\SysNative\drivers\66671091.sys (Kaspersky Lab) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{1C8348D9-930C-4A43-BC2D-3317E48A933E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{49A1EAB0-1144-4A07-8F2E-E6A8A4DD5FA0}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{4E3CFD44-98A2-4069-88AE-41A2E1CCE162}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={sea rchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{6A0AF959-D626-4115-874B-2C77F0525E64}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{A8030CB7-5E47-4409-B6C1-C06F03B00237}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F75726365 3D3426637469643D435432373336343736&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{FEB66B4D-C854-4D57-8B4D-8CA70166ADA2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 10:22:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.26 15:25:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\mail@shopping-preise.de [2011.05.30 18:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eike\AppData\Roaming\mozilla\Extensions [2012.03.10 23:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions [2012.03.10 17:47:08 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.01.04 17:02:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.13 14:30:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.22 15:15:36 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\bug489729@alice0775 [2012.03.10 18:44:53 | 000,001,087 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\11-suche.xml [2012.03.10 18:44:53 | 000,001,131 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\conduit.xml [2012.03.10 18:44:53 | 000,002,422 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\englische-ergebnisse.xml [2012.03.10 18:44:53 | 000,010,703 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\gmx-suche.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-1.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-2.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-3.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-4.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-5.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-6.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-7.xml [2012.03.10 18:44:53 | 000,001,120 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin.xml [2012.03.10 18:44:53 | 000,002,708 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\lastminute.xml [2012.03.10 18:44:53 | 000,005,682 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\webde-suche.xml [2012.03.10 18:44:53 | 000,002,188 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{6ADFFA94-5A6E-49D7-B926-239151B4BBE0}.xml [2012.03.10 18:44:53 | 000,002,077 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{6B526B4C-9D96-48F9-A184-B0188FAC8B02}.xml [2012.03.10 18:44:53 | 000,001,870 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{FC13FB38-297D-46E0-9C8F-11B313147B3C}.xml [2011.11.09 07:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.09 01:32:25 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} () (No name found) -- C:\USERS\EIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3T0HC7EI.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI () (No name found) -- C:\USERS\EIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3T0HC7EI.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.18 10:22:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.03.10 18:44:53 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.10 18:44:53 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.10 18:44:53 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.10 18:44:53 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.10 18:44:53 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.10 18:44:53 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SkypeM] C:\Users\Eike\AppData\Local\Skype\Skype.exe (Twain Working Group) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk = C:\Users\Eike\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.03.2012_06-25\startup.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05087AF5-09D3-4071-B730-1F485CA40E76}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.29 17:06:55 | 000,155,648 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007.09.11 13:55:33 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005.03.14 16:30:41 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{36b6d7ac-89f7-11df-8f2a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{36b6d7ac-89f7-11df-8f2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005.09.29 17:06:55 | 000,155,648 | R--- | M] () O33 - MountPoints2\{b2cc3dd6-289b-11e1-8262-20cf300a6b7e}\Shell - "" = AutoRun O33 - MountPoints2\{b2cc3dd6-289b-11e1-8262-20cf300a6b7e}\Shell\AutoRun\command - "" = F:\install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 20:08:29 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Eike\Desktop\OTL.exe [2012.03.14 19:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.03.14 19:43:26 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\6667109.sys [2012.03.14 19:43:26 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\66671091.sys [2012.03.14 19:43:26 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\66671092.sys [2012.03.14 19:43:25 | 000,000,000 | ---D | C] -- C:\Users\Eike\Desktop\DE-Cleaner powered by Kaspersky [2012.03.10 20:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts-Simulator 2009 [2012.03.10 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009 [2012.03.10 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\My Games [2012.03.10 18:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 Demo [2012.03.10 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 Demo [2012.03.10 18:44:53 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\Opera [2012.03.10 18:44:53 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\DesktopIconForAmazon [2012.03.10 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\OCS [2012.03.10 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.03.10 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Local\Conduit [2012.03.10 17:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeware.de [2012.03.10 17:46:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.03.10 17:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.03.10 17:35:39 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.03.10 17:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.03.10 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Lite [2012.03.10 17:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.03.03 13:43:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.02.21 16:27:43 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\Physik 1 [2012.02.21 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\Physik 2 [2012.02.21 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\OC-GPR ========== Files - Modified Within 30 Days ========== [2012.03.14 20:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.14 20:13:49 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys [2012.03.14 20:08:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Eike\Desktop\OTL.exe [2012.03.14 19:57:56 | 001,726,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.14 19:57:56 | 000,740,708 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.14 19:57:56 | 000,696,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.14 19:57:56 | 000,159,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.14 19:57:56 | 000,132,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.14 19:52:20 | 000,002,124 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.03.14 19:52:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.14 19:43:52 | 000,002,317 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk [2012.03.14 18:48:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.03.14 18:37:53 | 000,001,229 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.03.14 18:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.10 20:01:56 | 000,001,285 | ---- | M] () -- C:\Users\Eike\Desktop\Landwirtschafts-Simulator 2009.lnk [2012.03.10 18:56:11 | 000,001,330 | ---- | M] () -- C:\Users\Eike\Desktop\Landwirtschafts Simulator 2011 Demo.lnk [2012.03.10 18:44:53 | 000,001,450 | ---- | M] () -- C:\Users\Eike\Desktop\Amazon.lnk [2012.03.10 17:38:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 17:38:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 17:36:45 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.10 17:35:39 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.03.01 13:53:05 | 000,001,023 | ---- | M] () -- C:\Users\Eike\Desktop\Dropbox.lnk [2012.03.01 13:53:05 | 000,001,003 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.22 21:47:17 | 000,001,316 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Kingdoms.lnk ========== Files Created - No Company Name ========== [2012.03.14 19:43:52 | 000,002,317 | ---- | C] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk [2012.03.14 18:48:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.03.10 20:01:56 | 000,001,285 | ---- | C] () -- C:\Users\Eike\Desktop\Landwirtschafts-Simulator 2009.lnk [2012.03.10 18:56:11 | 000,001,330 | ---- | C] () -- C:\Users\Eike\Desktop\Landwirtschafts Simulator 2011 Demo.lnk [2012.03.10 18:44:53 | 000,001,450 | ---- | C] () -- C:\Users\Eike\Desktop\Amazon.lnk [2012.03.10 17:46:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.03.10 17:36:45 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.02.22 21:47:17 | 000,001,316 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Kingdoms.lnk [2012.01.17 19:22:43 | 000,000,537 | ---- | C] () -- C:\Users\Eike\AppData\Roaming\solvents.map [2011.05.31 17:54:40 | 001,623,544 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.02.11 18:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.02.11 18:15:08 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.02.11 18:15:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.07.07 19:54:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010.07.07 19:30:26 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.12.15 18:14:20 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Advanced Chemistry Development [2011.05.31 14:21:10 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Asus WebStorage [2012.03.10 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Lite [2012.01.16 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Pro [2012.03.10 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DesktopIconForAmazon [2011.05.31 17:34:29 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Downloaded Installations [2012.03.14 19:52:47 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Dropbox [2011.09.14 22:39:31 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DVDVideoSoft [2011.09.14 22:39:24 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.07 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\FileZilla [2011.06.29 19:45:22 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Firefly Studios [2012.03.14 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\ICQ [2011.10.04 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\LyX2.0 [2011.12.19 20:14:50 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\MusicNet [2011.05.31 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Nitro PDF [2012.03.10 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\OCS [2012.03.14 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Onfyvu [2011.06.09 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\OpenOffice.org [2012.03.10 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Opera [2012.02.05 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\SoftGrid Client [2011.05.31 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\TP [2011.12.19 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Ydnaut [2009.07.14 06:08:49 | 000,011,446 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C8B8CEBD < End of report > Extras.txt OTL Extras logfile created on: 14.03.2012 20:14:56 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Eike\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 86,34% Memory free 7,59 Gb Paging File | 7,07 Gb Available in Paging File | 93,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 93,71 Gb Free Space | 62,87% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 2,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: EIKE-NOTEBOOK | User Name: Eike | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02233C32-A584-4337-9FD1-864F6BC43F67}" = Nitro PDF Reader "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CNXT_AUDIO_HDA" = Conexant HD Audio "DesktopIconAmazon" = Desktop Icon für Amazon "Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SearchAnonymizer" = SearchAnonymizer "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer) "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05) "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{EA8A00F7-42F3-451A-8FE6-B0947FDC393D}" = IKEA HomePlanner Office "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F92C4EE6-BEA9-11D7-9E00-0004769EEFEB}" = USA Raser "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ACDLabs in C__Program_Files_ChemSketch_" = ACD/Labs Software in C:\Program Files\ChemSketch\ "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "Autobahn Raser IV" = Autobahn Raser IV "DAEMON Tools Lite" = DAEMON Tools Lite "DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition "FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009 "FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo "FileZilla Client" = FileZilla Client 3.5.2 "Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804 "Freeware.de Toolbar" = Freeware.de Toolbar "Google Chrome" = Google Chrome "ICQToolbar" = ICQ Toolbar "iMesh" = iMesh "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "LyX20" = LyX 2.0.0-3 "MestReC_is1" = MestReC 4.9.9 "MestReNova LITE" = MestReNova LITE 5.2.5-4731 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIA.Updatus" = NVIDIA Updatus "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TinyCAD" = TinyCAD 2.80.03 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2012 06:29:36 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.02.2012 06:32:13 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 28.02.2012 13:58:48 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a8 Startzeit: 01ccf5fce0c77a17 Endzeit: 55 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: d8b4ade0-6235-11e1-a24d-20cf300a6b7e Error - 28.02.2012 14:40:01 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1128 Startzeit: 01ccf642c13a7784 Endzeit: 15 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: 9bc83d3e-623b-11e1-a24d-20cf300a6b7e Error - 28.02.2012 14:44:56 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1770 Startzeit: 01ccf648e0e1b651 Endzeit: 16 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: 4a3b11eb-623c-11e1-88e5-20cf300a6b7e Error - 28.02.2012 15:10:12 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e54 Startzeit: 01ccf6491514c114 Endzeit: 156 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: cb08c544-623f-11e1-88e5-20cf300a6b7e Error - 29.02.2012 07:02:53 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 29.02.2012 07:05:30 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 29.02.2012 17:43:07 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d58 Startzeit: 01ccf72636af6e35 Endzeit: 128 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 5b87cd60-631e-11e1-88e5-20cf300a6b7e Error - 29.02.2012 18:06:13 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002 Description = Programm ControlDeck.exe, Version 1.0.6.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b44 Startzeit: 01ccf72e2967c47d Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe Berichts-ID: 91c65d00-6321-11e1-88d9-72f06d368626 [ Cisco AnyConnect VPN Client Events ] Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory [ System Events ] Error - 02.11.2011 09:33:36 | Computer Name = Eike-Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR17 gefunden. Error - 16.11.2011 19:38:12 | Computer Name = Eike-Notebook | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{05087AF5-09D3-4071-B730-1F485CA40E76} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 16.11.2011 19:38:12 | Computer Name = Eike-Notebook | Source = NetBT | ID = 4321 Description = Der Name "EIKE-NOTEBOOK :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 16.11.2011 19:38:13 | Computer Name = Eike-Notebook | Source = NetBT | ID = 4321 Description = Der Name "EIKE-NOTEBOOK :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 28.11.2011 14:36:14 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?11.?2011 um 19:34:36 unerwartet heruntergefahren. Error - 29.11.2011 18:48:22 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?11.?2011 um 23:47:33 unerwartet heruntergefahren. Error - 16.01.2012 17:47:24 | Computer Name = Eike-Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR11 gefunden. Error - 08.02.2012 16:38:44 | Computer Name = Eike-Notebook | Source = DCOM | ID = 10010 Description = Error - 27.02.2012 09:30:41 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?02.?2012 um 14:29:29 unerwartet heruntergefahren. Error - 29.02.2012 18:04:40 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?02.?2012 um 23:03:32 unerwartet heruntergefahren. < End of report > |
| Themen zu 50€ - Trojaner mal wieder... |
| 64-bit, alternate, autorun, bho, bildschirm, blockiert, canon, conduit, converter, defender, document, error, explorer, failed, fehler, firefox, flash player, format, gfnexsrv.exe, google chrome, google earth, home, ip-adresse, kaspersky, microsoft office starter 2010, microsoft office word, mp3, netzwerk, nvidia, plug-in, programm, registry, richtlinie, rundll, searchscopes, security, software, trojaner, usb, version=1.0 |
Baum-Darstellung