Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Sparda BW multiple TAN-Eingabe (100) - trotz Antivir

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.06.2012, 18:20   #1
Marcus68
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Hallo,

ich bin eigentlich ein recht erfahrener PC Nutzer, kriege aber die lästige TAN Eingabeaufforderung auf dem privaten PC meiner Frau nicht los. Jedes mal, wenn Sie bei der Sparda auf Ihr Konto will oder bspw auf das Demokonto klickt, erhält sie die Aufforderung 100 TANs "zwecks Umstellung" einzugeben.

AVIRA Antivir ist aktuell, ich habe auf Anraten des BSI den Avira-DE-Cleaner laufen lassen, sowie Malwarebytes' Anti Malware. Dabei wurden zwar 33 malwares gefunden, nach Entfernung ist das Ergebnis aber das Gleiche.

Nun habe ich also OTL laufen lassen, siehe unten, bei GMER stürzt der PC immer ab (hatteich von www2.gmer.net geladen).

Bitte um Hilfe was ich noch tun kann und bedanke mich im Voraus für jeden Tipp.

Marcus



OTL logfile created on: 03.06.2012 17:46:18 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Simone\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,75% Memory free
6,00 Gb Paging File | 2,81 Gb Available in Paging File | 46,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 760,69 Gb Free Space | 83,55% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,32 Gb Free Space | 51,61% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,86 Gb Free Space | 94,92% Space Free | Partition Type: FAT
Drive J: | 931,28 Gb Total Space | 809,89 Gb Free Space | 86,96% Space Free | Partition Type: FAT32

Computer Name: ALLESUGO | User Name: Simone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.03 17:45:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Simone\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 20:30:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 11:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:48:11 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 11:48:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 11:48:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 11:48:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 08:07:30 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.03.27 14:40:49 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011.09.15 20:41:56 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE
PRC - [2011.07.07 07:44:06 | 000,101,064 | ---- | M] (IBM Corp.) -- C:\Programme\IBM\SPSS\Statistics\20\stats.exe
PRC - [2011.07.07 07:43:58 | 000,038,600 | ---- | M] (IBM Corp.) -- C:\Programme\IBM\SPSS\Statistics\20\spssengine.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.04 09:27:08 | 000,148,744 | R--- | M] (IBM) -- C:\Programme\IBM\SPSS\Statistics\20\JRE\bin\javaw.exe
PRC - [2011.03.04 09:27:04 | 000,148,744 | R--- | M] (IBM) -- C:\Programme\IBM\SPSS\Statistics\20\JRE\bin\java.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.15 21:32:44 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.08.28 13:37:24 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.07.27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.06.09 15:12:08 | 000,096,088 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 18:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.06.28 11:05:44 | 009,320,448 | ---- | M] (StataCorp LP) -- C:\Programme\Stata10\wsestata.exe
PRC - [2007.04.09 15:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Programme\Nortel Networks\NvcRpcSvr.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.22 20:30:29 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.04 08:07:31 | 001,952,728 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.05.04 08:07:31 | 000,162,776 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.05.04 08:07:31 | 000,021,976 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.01.03 22:52:52 | 007,581,696 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.01 13:49:56 | 000,020,480 | R--- | M] () -- C:\Programme\IBM\SPSS\Statistics\20\XalanMessages_1_11.dll
MOD - [2011.06.01 13:48:00 | 000,100,352 | R--- | M] () -- C:\Programme\IBM\SPSS\Statistics\20\XML4CMessages5_7.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009.10.03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.09.09 07:57:12 | 000,491,520 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\ssp6mdu.dll
MOD - [2009.08.28 13:37:24 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2012.05.22 20:30:30 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 11:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 11:48:11 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 11:48:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 10:29:47 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:21:37 | 000,085,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.11.20 14:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 14:17:11 | 000,523,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010.11.20 14:17:07 | 000,556,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010.11.15 21:32:44 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.12.22 20:39:06 | 000,136,120 | ---- | M] (Google) [Disabled | Stopped] -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.07.14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009.07.14 03:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009.07.14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009.07.14 03:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.04.09 15:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Programme\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2012.05.08 11:48:12 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:48:12 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.17 13:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 13:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 13:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 13:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010.11.15 21:19:11 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 01:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 15:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.05.13 14:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 14:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.03.02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.04.09 15:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007.04.09 15:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007.04.09 15:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {59F892C9-2543-4D05-84A6-A696FE29C87E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3097DB9F-A6B9-4C64-AF84-0F0C03B1FECD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{59F892C9-2543-4D05-84A6-A696FE29C87E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.22 20:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.08 11:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.19 20:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.04.10 11:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simone\AppData\Roaming\mozilla\Extensions
[2010.04.10 11:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simone\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.18 08:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\e80yulu6.default\extensions
[2012.05.18 08:08:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\e80yulu6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.19 21:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.22 11:33:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.24 10:59:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.22 20:30:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.20 18:20:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.20 18:20:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.20 18:20:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.20 18:20:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.20 18:20:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.20 18:20:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Muyqez] C:\Users\Simone\AppData\Roaming\Otyxco\imif.exe (Martin Prikryl)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBD8558-B6F1-45AD-9621-9E9E3D6E32BA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.29 09:08:56 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Malwarebytes
[2012.05.29 09:08:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.29 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.22 20:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.22 20:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.22 20:24:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.22 20:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.22 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Rubuly
[2012.05.22 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Otyxco
[2012.05.22 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Roaming\Amupor
[2012.05.08 11:53:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.07 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\AskToolbar
[1 C:\Users\Simone\Desktop\*.tmp files -> C:\Users\Simone\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.03 17:14:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 17:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 13:22:18 | 000,001,070 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 13:22:04 | 000,001,040 | ---- | M] () -- C:\Users\Simone\Desktop\Dropbox.lnk
[2012.05.31 21:12:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:12:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 09:08:52 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.27 09:06:16 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.27 09:06:16 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.27 09:06:16 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.27 09:06:16 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.27 09:02:01 | 288,891,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 09:01:54 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 08:34:22 | 000,002,083 | ---- | M] () -- C:\Users\Simone\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.05.23 08:34:22 | 000,002,012 | ---- | M] () -- C:\Users\Simone\Desktop\Avira DE-Cleaner.lnk
[2012.05.22 20:14:30 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.08 11:54:39 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.08 11:48:12 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 11:48:12 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.07 16:40:51 | 000,588,315 | ---- | M] () -- C:\Users\Simone\Desktop\Krumpal-Vatter-2008-Ökonomisches Wählen.pdf
[1 C:\Users\Simone\Desktop\*.tmp files -> C:\Users\Simone\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.29 09:08:52 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 20:40:06 | 000,002,083 | ---- | C] () -- C:\Users\Simone\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.05.22 20:40:06 | 000,002,012 | ---- | C] () -- C:\Users\Simone\Desktop\Avira DE-Cleaner.lnk
[2012.05.08 11:54:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.05.08 11:54:13 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.07 16:40:49 | 000,588,315 | ---- | C] () -- C:\Users\Simone\Desktop\Krumpal-Vatter-2008-Ökonomisches Wählen.pdf
[2012.01.24 12:03:45 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.01.24 12:03:45 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.11.13 09:04:39 | 000,000,000 | ---- | C] () -- C:\Users\Simone\AppData\Roaming\psppirerc
[2011.11.10 08:57:58 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.11.10 08:57:24 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll
[2011.05.07 13:06:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011.05.07 13:06:08 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.08.15 15:04:23 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2011.10.30 14:41:39 | 000,000,000 | -HSD | M] -- C:\Users\Simone\AppData\Roaming\.#
[2011.10.30 14:34:24 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\ALDI_SUED_Mah_Jong
[2010.07.03 21:15:42 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Amazon
[2012.06.03 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Amupor
[2010.08.15 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Canneverbe Limited
[2011.10.12 11:59:08 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Canon
[2012.06.03 17:35:24 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Dropbox
[2011.11.13 09:02:30 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\gtk-2.0
[2011.05.07 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\LG Electronics
[2010.08.15 14:50:47 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\MAGIX
[2011.11.20 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Nokia
[2011.11.20 19:50:45 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Nokia Suite
[2012.05.22 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Otyxco
[2011.11.20 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\PC Suite
[2012.05.22 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Rubuly
[2011.06.23 10:06:36 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Stata10
[2010.04.10 11:36:14 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Thunderbird
[2010.04.29 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Win7codecs
[2010.02.16 08:38:55 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Windows Live Writer
[2010.12.24 09:07:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 03.06.2012 17:46:18 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Simone\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,75% Memory free
6,00 Gb Paging File | 2,81 Gb Available in Paging File | 46,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 760,69 Gb Free Space | 83,55% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,32 Gb Free Space | 51,61% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,86 Gb Free Space | 94,92% Space Free | Partition Type: FAT
Drive J: | 931,28 Gb Total Space | 809,89 Gb Free Space | 86,96% Space Free | Partition Type: FAT32

Computer Name: ALLESUGO | User Name: Simone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052ED260-56CB-40B1-8FA0-1A27F4FDC5D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1607944C-6C71-4068-8E9D-D1CF2ED42652}" = lport=139 | protocol=6 | dir=in | app=system |
"{249F020F-51E9-404C-B0B8-F3E21D185181}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B187C99-29E0-4933-951B-48B7971E1D5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{4211795C-E1F7-401A-AFDC-76877B28760C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D5709D4-4634-49B6-822E-9D39D4AAE69B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62C30BAD-9C6C-4202-A5B4-5B7578397760}" = rport=445 | protocol=6 | dir=out | app=system |
"{829DBB4D-8A88-42E7-9F94-94767C11C390}" = rport=137 | protocol=17 | dir=out | app=system |
"{A484BF1A-6668-45C3-B8A4-723CA94FDCA5}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4BCFC3E-73EF-4240-9571-8EAFDBAF3099}" = lport=138 | protocol=17 | dir=in | app=system |
"{A722C630-96B6-46D4-9E21-255CD8ADC68C}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA0921DD-A5EC-485F-9F8B-7A6100BEB1B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D16865EB-EDF1-4B9C-AA89-77125985AB3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3B9EBB4-7E3A-40CF-8FA9-D0D684594C18}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5DA2D2C-AD10-4A08-8C93-0C4DDF503E3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F66AC155-0A78-4441-9289-1900FE6303C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E51BB87-36B7-438B-A346-FB88C7D4B744}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{1EF792E4-8AC4-4707-B344-1ADA12BD85C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2A5ECD12-03C6-43F2-818D-39B9B3297459}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3DCCC838-CF6B-4956-8420-649F65E44CCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B30F85F-6DBF-417B-977A-7211A30264CA}" = protocol=17 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"{4CE32DE2-886B-4701-A1E5-60E4DDA48A02}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5DA814B4-F170-4093-A945-76CCB2F3325B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{617E555B-8525-42C0-A3E1-D4E6D6FA790C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{73AC4889-3588-4C39-ADED-1CDEE5E45844}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{7959B4D4-6C5F-4ADD-879D-2D554F51F23D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8103CBFE-7502-4969-A9FC-73D3262B1168}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8185FBD9-4B40-470E-B82D-99CF56B5E6CF}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{82388F79-6ED2-47DC-8111-9DF339D1A171}" = protocol=6 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"{827FD89C-956A-4D62-871C-682C1DB7B3BF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89A27F8A-1030-445B-8E59-EF38ED9AC38A}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{9264E1AA-386D-47E1-B9B5-DF50D24D768B}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{B07BFFB2-FA68-4507-BE94-3BF1E7FFAB94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7E09284-5DEA-47B5-B0B4-5113186AD2E7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BFF3D6F2-F324-4C82-BDCB-BA79B3D124A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3CF7EA2-5096-46DF-B562-E993F0E8E611}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D3E748C9-E890-4C42-AC32-70016CFAEDB6}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{E47313BE-A003-4529-B3A0-D352E394FDA2}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{EA9B8FCB-D5B9-4BCF-BE3B-535A0B2C3CDF}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{EB0548C9-DD0F-4138-A879-333B1A37164F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F6630D38-6924-4687-A230-6D3EB1FEC646}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FBEF75C9-5138-40BB-BC8A-B09530DAF398}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{14FCB219-FD3F-41C5-BEEB-F4E31F0AFE3F}C:\program files\nortel networks\extranet.exe" = protocol=6 | dir=in | app=c:\program files\nortel networks\extranet.exe |
"TCP Query User{6771FA85-096D-4230-9638-2D6CC9226116}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{71669989-7F78-4D0A-8351-8BF20FB36F38}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DD9A7056-FA8B-439F-AEF6-7DF5FE60D873}C:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{21138FD3-0397-41E5-9C39-B1099B4473A8}C:\program files\nortel networks\extranet.exe" = protocol=17 | dir=in | app=c:\program files\nortel networks\extranet.exe |
"UDP Query User{CAC580FC-0863-458E-AC83-BDB829BFBB60}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{DD909324-35E7-4E10-AF7C-2B9A6A07A878}C:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F583EA40-1FF8-4E84-8A16-9992759A74FB}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8ED940-7726-45BD-B928-E4694F1AFB50}" = NetSkat
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786723E1-FE5C-4F2B-BF00-25888DFBC758}" = NetSkat
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{AFBD3104-3F35-4FB0-80FB-B09AA20E7D76}" = Cisco AnyConnect VPN Client
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3668066-1C86-4825-8E27-BE0F71109F2A}" = Skat 8.4
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"B426B849-6071-5684-6429-7BE6B77DAB5B" = PSPP
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CDex" = CDex - Open Source Digital Audio CD Extractor
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"Samsung ML-2525W Series" = Wartung Samsung ML-2525W Series
"Samsung ML-4600 PCL 6" = Samsung ML-4600 PCL 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.02.2012 04:02:24 | Computer Name = AllesUgo | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 26.02.2012 08:54:21 | Computer Name = AllesUgo | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 24.03.2012 08:35:28 | Computer Name = AllesUgo | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 26.03.2012 14:11:19 | Computer Name = AllesUgo | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 02.04.2012 05:40:16 | Computer Name = AllesUgo | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 14.04.2012 05:19:19 | Computer Name = AllesUgo | Source = System Restore | ID = 8193
Description =

Error - 14.04.2012 05:19:19 | Computer Name = AllesUgo | Source = System Restore | ID = 8211
Description =

Error - 14.04.2012 05:19:21 | Computer Name = AllesUgo | Source = VSS | ID = 12289
Description =

Error - 07.05.2012 12:12:02 | Computer Name = AllesUgo | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x61654672 ID des fehlerhaften
Prozesses: 0x168c Startzeit der fehlerhaften Anwendung: 0x01cd2c6bfba0e1c0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 614ae980-985f-11e1-9d5e-444553544200

Error - 03.06.2012 11:51:20 | Computer Name = AllesUgo | Source = Windows Search Service | ID = 3007
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 28.05.2012 06:20:17 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr:eterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 28.05.2012 06:20:17 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 28.05.2012 06:20:17 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 28.05.2012 06:20:17 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr:eterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 29.05.2012 01:45:12 | Computer Name = ALLESUGO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

[ OSession Events ]
Error - 16.02.2010 14:49:02 | Computer Name = Ugo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.06.2010 15:34:03 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 15159
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 21.12.2010 11:24:03 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 688
seconds with 600 seconds of active time. This session ended with a crash.

Error - 22.08.2011 10:20:15 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 20799 seconds with 3480 seconds of active time. This session ended with
a crash.

Error - 22.08.2011 11:37:06 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4445 seconds with 1380 seconds of active time. This session ended with a
crash.

Error - 05.09.2011 08:18:25 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 11872 seconds with 1560 seconds of active time. This session ended with
a crash.

Error - 11.12.2011 13:23:41 | Computer Name = AllesUgo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10434 seconds with 2400 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 01.06.2012 12:41:34 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 02.06.2012 02:03:51 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 02.06.2012 03:29:52 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 02.06.2012 04:46:30 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 02.06.2012 06:05:09 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 02.06.2012 08:22:14 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 03.06.2012 03:27:35 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 03.06.2012 09:37:19 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 03.06.2012 11:14:15 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 03.06.2012 11:14:16 | Computer Name = AllesUgo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058


< End of report >

Alt 05.06.2012, 16:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Mal wieder fehlen die MBAM-Logs!

Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 05.06.2012, 16:42   #3
Marcus68
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Sorry!! Hier schon mal der Log von dem Quickscan - der lange Scan läuft gerade

Danke für die Hilfe!

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Simone :: ALLESUGO [Administrator]

03.06.2012 19:37:11
mbam-log-2012-06-03 (19-37-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 464464
Laufzeit: 1 Stunde(n), 50 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 05.06.2012, 19:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Poste bitte alle vorhandenen Logs! V.a. die mit Funden! Nur solche ohne Funde sind etwas belanglos wenn Malwarebytes fündig wurde
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.06.2012, 21:54   #5
Marcus68
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Hallo,

den letzten Log habe ich leider nicht mehr - ich meine den mit den Funden. Ich hatte dabei 35 infizierte Objekte und habe diese von Malwarebytes entfernen lassen.

Und hier noch mal der vollständige Scan - nach Aktualisierung:

Das ist es ja auch was mich verwirrt: Malwarebytes findet keine infizierten Objekte mehr - das Verhalten ist aber noch da.

Viele Grüße
Marcus

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Simone :: ALLESUGO [Administrator]

05.06.2012 17:44:34
mbam-log-2012-06-05 (17-44-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 465891
Laufzeit: 1 Stunde(n), 46 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Alt 05.06.2012, 22:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Standard

Sparda BW multiple TAN-Eingabe (100) - trotz Antivir



Wieso löscht du die Logs voreilig!

Ich hoffe für dich nicht, dass du die Logs entsorgt hast. Denn dann ist alles nur noch
Schau mal nach ob die Logs noch hier zu sehen sind in Form von Textdateien. Damit du die Ordner auch siehst das hier VORHER umsetzen!! => http://www.trojaner-board.de/59624-a...-sichtbar.html

Hauptlogs nach Scans (Quick, Full oder Flash):
  • XP:
    C:\Dokumente und Einstellungen\(USER)\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

  • Vista, Windows 7, 2008:
    C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt
__________________
--> Sparda BW multiple TAN-Eingabe (100) - trotz Antivir

Antwort

Themen zu Sparda BW multiple TAN-Eingabe (100) - trotz Antivir
antivir, autorun, avira searchfree toolbar, benutzerregistrierung, bho, bingbar, bonjour, desktop, entfernen, error, failed, fehler, firefox, flash player, google, helper, home, iexplore.exe, install.exe, logfile, microsoft office word, mozilla, office 2007, policyagent, realtek, recuva, registry, richtlinie, scan, searchscopes, security, senden, software, version=1.0, windows



Ähnliche Themen: Sparda BW multiple TAN-Eingabe (100) - trotz Antivir


  1. Sound Probleme bei Tastatur eingabe und die eingabe selbst hackt auch! Verschwunden nach Neustart, kehrt aber wieder wen ich Online gehe
    Log-Analyse und Auswertung - 30.01.2014 (5)
  2. ESET findet "multiple threats" trotz grünem Licht von MalwareBytes, AdwCleaner und JRT
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  3. Sparda-Bank Cardreader gesucht
    Überwachung, Datenschutz und Spam - 22.03.2012 (19)
  4. Sparda Bank TAN Trojaner
    Log-Analyse und Auswertung - 20.05.2011 (3)
  5. Banking Trojaner? Sparda Bank
    Plagegeister aller Art und deren Bekämpfung - 09.05.2011 (23)
  6. Ratlos, denn ich bekomme meinen pc nicht sauber trotz maleware,otl,antivir
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (111)
  7. Trotz AntiVir de-Installation noch Werbung beim Hochfahren
    Antiviren-, Firewall- und andere Schutzprogramme - 24.11.2010 (2)
  8. TAN-Abfrage Trojaner und Bluescreens mit Windows 7 trotz antivir, malewarebytes und spybot
    Log-Analyse und Auswertung - 13.10.2010 (6)
  9. Antivir meldet Virus trotz angeblicher ENtfernung durch Malware Bytes
    Log-Analyse und Auswertung - 12.07.2010 (1)
  10. Kann Rogue Multiple trotz befolgter Anleitung nicht aus windows/system32/dr* löschen
    Plagegeister aller Art und deren Bekämpfung - 16.03.2010 (2)
  11. Mailversandbeschränkung der Telekom wegen SPAM (trotz Antivir etc.)
    Log-Analyse und Auswertung - 01.03.2010 (15)
  12. Trotz Entfernung des Fake Virenprogs läuft Antivir nicht
    Plagegeister aller Art und deren Bekämpfung - 31.12.2009 (1)
  13. Trotz Formation bleibt der antivir bei einer DLL datei hängen
    Plagegeister aller Art und deren Bekämpfung - 24.11.2009 (12)
  14. Windows Sicherheitswarnung: Keine Antivirsoftware trotz aktivem Antivir
    Mülltonne - 16.09.2009 (1)
  15. Werbung trotz URL-Eingabe
    Log-Analyse und Auswertung - 06.04.2007 (10)
  16. Virenfund trotz Antivir
    Log-Analyse und Auswertung - 03.01.2007 (6)
  17. CWS trotz Spybot, Ad-Aware, BHODeamon, Zonealarm und Antivir
    Plagegeister aller Art und deren Bekämpfung - 22.06.2005 (10)

Zum Thema Sparda BW multiple TAN-Eingabe (100) - trotz Antivir - Hallo, ich bin eigentlich ein recht erfahrener PC Nutzer, kriege aber die lästige TAN Eingabeaufforderung auf dem privaten PC meiner Frau nicht los. Jedes mal, wenn Sie bei der Sparda - Sparda BW multiple TAN-Eingabe (100) - trotz Antivir...
Archiv
Du betrachtest: Sparda BW multiple TAN-Eingabe (100) - trotz Antivir auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.