| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: desktop gesperrt, zahlung 100euro verlangt für freigabe (ähnlich bka-ukash)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.06.2012, 20:25
| #1 |
 |  desktop gesperrt, zahlung 100euro verlangt für freigabe (ähnlich bka-ukash) hallo liebes board, ich hatte ja gehofft euch nicht allzubald wieder aufsuchen zu müssen (nicht weil ich eure hilfe nicht schätzen würde, sondern weil ich gehofft hab, möglichst lange virenfrei zu bleiben..) leider muss ich euch schon wieder belästigen... zu meinem problem: habe mir was ähnliches wie die letzten beiden male angelacht. um euch das wühlen in den alten topics zu ersparen, hier nochmal kurz geschildert... desktop blockiert von einer "popupmeldung", die zur zahlung von 100 euro via Ukash auffordert (selber bla wie der allzubekannte BKA/Ukash) auch dieses ding benötigt internet, habe (leider aus erfahrungswerten) direkt das internet gekapt & neugestartet, funktioniert einwandfrei solang der nicht online kommt. beim anstöpseln vom internet blockiert der aber sofort. hab daraufhin direkt Malwarebytes durchlaufen lassen wollen, funktioniert aber nicht aufgrund eines unbekannten fehlers, antispyware hat 5 sachen gefunden und in quarantäne verschoben, antivir findet gar nichts... nun gut, ich hab euch glaub ich einen überblick verschaffen können was mein problem ist, hab anbei noch 2 OTL-logs angehangen. hoffe die helfen schonmal. OTL.txt OTL logfile created on: 24.06.2012 21:00:31 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\_OTL Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 710,53 Gb Free Space | 78,05% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,10% Space Free | Partition Type: NTFS Drive J: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive K: | 7,52 Gb Total Space | 6,59 Gb Free Space | 87,72% Space Free | Partition Type: FAT32 Computer Name: KENDRA-PC | User Name: Kendra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kendra\AppData\Local\Temp\jork_0_typ_col.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\Antispyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\_OTL\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.) PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,) ========== Modules (SafeList) ========== MOD - C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\_OTL\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Labtec Inc.) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys () DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\tbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\tbFree.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.15 15:41:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Kendra\AppData\Roaming\11001 [2012.03.19 19:27:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:56:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.29 15:27:53 | 000,000,000 | ---D | M] [2010.10.13 19:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Extensions [2011.07.20 17:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions [2011.07.20 17:15:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.09.13 16:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\66zard9t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.14 06:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions [2012.06.05 19:31:51 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} [2012.03.29 12:30:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.05.31 16:36:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.09.13 16:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.22 00:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kendra\AppData\Roaming\mozilla\Firefox\Profiles\c5ytg5he.default\extensions\nostmp [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\66zard9t.default\searchplugins\icqplugin.xml [2012.01.13 22:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.31 16:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.16 21:56:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.11.10 17:14:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.11.10 17:14:36 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.11.10 17:14:36 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.11.10 17:14:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.11.10 17:14:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.11.10 17:14:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.30 12:38:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\tbFree.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\tbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe () O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Users\Kendra\AppData\Local\Temp\jork_0_typ_col.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\Antispyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kendra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.06.24 18:48:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.22 19:27:27 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Roaming\Avira [2012.06.22 19:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Avira [2012.06.22 19:22:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.06.22 19:22:00 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.06.22 19:22:00 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.06.22 19:22:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.06.22 19:21:57 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.06.22 19:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.14 06:54:16 | 000,000,000 | ---D | C] -- C:\Users\Kendra\AppData\Local\Macromedia [2012.06.14 03:01:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.14 03:00:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.14 03:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.14 03:00:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.14 03:00:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.06.14 03:00:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012.06.14 03:00:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.14 03:00:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.13 23:15:29 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.06.13 23:15:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.06.13 23:15:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.06.13 23:15:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.06.01 15:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\World of Warcraft [2 C:\Users\Kendra\AppData\Roaming\*.tmp files -> C:\Users\Kendra\AppData\Roaming\*.tmp -> ] [1 C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp files -> C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.24 20:58:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.24 20:51:57 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.24 20:51:57 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.24 20:44:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.24 20:44:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.24 20:44:30 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys [2012.06.24 20:29:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.24 20:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.24 18:49:59 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.24 18:49:59 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.24 18:49:59 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.24 18:49:59 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.23 14:22:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.23 14:22:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.22 19:22:11 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.22 10:31:13 | 001,372,320 | ---- | M] () -- C:\Users\Kendra\Nebenprogramme\Desktop\Vorlesung ACII-1(4) - Bor(uni münchen).pdf [2012.06.17 12:16:38 | 000,001,055 | ---- | M] () -- C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.14 03:22:31 | 000,466,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.07 11:32:00 | 117,773,897 | ---- | M] () -- C:\Users\Kendra\Götz widmann - Drogen.rar [2012.06.07 11:13:11 | 005,542,674 | ---- | M] () -- C:\Users\Kendra\Götz Widmann - Drogen - 16 - Hank starb an ner Ueberdosis Hasch.mp3 [2012.06.07 11:10:36 | 005,713,097 | ---- | M] () -- C:\Users\Kendra\Götz Widmann - Drogen - 04 - Chronik meines Alkoholismus.mp3 [2012.06.07 11:07:37 | 005,870,354 | ---- | M] () -- C:\Users\Kendra\Götz Widmann - Drogen - 03 - Zoellner vom Vollzug abhalten auf der A4.mp3 [2012.06.01 19:32:28 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2 C:\Users\Kendra\AppData\Roaming\*.tmp files -> C:\Users\Kendra\AppData\Roaming\*.tmp -> ] [1 C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp files -> C:\Users\Kendra\Nebenprogramme\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.22 19:22:11 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.22 10:31:13 | 001,372,320 | ---- | C] () -- C:\Users\Kendra\Nebenprogramme\Desktop\Vorlesung ACII-1(4) - Bor(uni münchen).pdf [2012.06.07 11:15:57 | 117,773,897 | ---- | C] () -- C:\Users\Kendra\Götz widmann - Drogen.rar [2012.06.07 11:12:26 | 005,542,674 | ---- | C] () -- C:\Users\Kendra\Götz Widmann - Drogen - 16 - Hank starb an ner Ueberdosis Hasch.mp3 [2012.06.07 11:09:48 | 005,713,097 | ---- | C] () -- C:\Users\Kendra\Götz Widmann - Drogen - 04 - Chronik meines Alkoholismus.mp3 [2012.06.07 11:06:49 | 005,870,354 | ---- | C] () -- C:\Users\Kendra\Götz Widmann - Drogen - 03 - Zoellner vom Vollzug abhalten auf der A4.mp3 [2011.05.01 14:41:51 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011.01.05 23:12:13 | 000,027,136 | ---- | C] () -- C:\Windows\System32\qtuninst.dll [2010.11.21 22:02:22 | 000,000,298 | ---- | C] () -- C:\Users\Kendra\AppData\Roaming\wklnhst.dat [2010.11.10 20:23:01 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.10.30 17:31:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.15 15:24:27 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.10.15 15:24:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.10.15 15:24:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe [2010.04.29 10:23:33 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.04.29 10:23:32 | 000,202,234 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.02.04 12:45:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.02.04 12:16:49 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe [2010.01.26 17:35:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.01.26 17:04:43 | 000,000,017 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2010.01.26 16:48:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL [2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,466,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.02.18 20:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 23:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.07.03 14:12:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2008.07.03 14:12:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2008.07.03 14:12:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2008.07.03 14:12:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2007.03.06 17:50:30 | 001,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys [2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2012.03.18 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\10017 [2012.03.19 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\11001 [2010.10.18 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ALDI_SUED_Mah_Jong [2011.11.10 18:53:32 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Audio Recorder for Free [2010.10.13 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\CheckPoint [2012.03.23 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DAEMON Tools Lite [2010.12.14 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DataCast [2012.06.24 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Dropbox [2011.12.31 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DVDVideoSoft [2011.04.08 23:45:52 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.25 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\FreeVideoConverter [2012.02.16 22:48:16 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\gtk-2.0 [2012.06.21 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\ICQ [2012.03.18 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\kock [2011.08.10 14:36:29 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\LolClient [2010.10.13 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\MAGIX [2010.11.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\Template [2012.06.01 15:10:44 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\TS3Client [2012.03.19 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\UAs [2012.03.18 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Kendra\AppData\Roaming\xmldm [2012.04.02 16:46:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report und extra.txt: OTL Extras logfile created on: 24.06.2012 21:00:31 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kendra\Nebenprogramme\Desktop\Wichtig\Trojanerboard\TB\_OTL Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 710,53 Gb Free Space | 78,05% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,10% Space Free | Partition Type: NTFS Drive J: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive K: | 7,52 Gb Total Space | 6,59 Gb Free Space | 87,72% Space Free | Partition Type: FAT32 Computer Name: KENDRA-PC | User Name: Kendra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New "{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English "{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish "{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing "{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver "{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese "{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF55095E-07AA-432E-8376-CEF71D70746A}_is1" = Vampires Dawn: Reign of Blood "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish "{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Audio Recorder for Free_is1" = Audio Recorder for Free 2010 v12.8.2 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup.divx.com" = DivX-Setup "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "FreeSoundRecorder Toolbar" = FreeSoundRecorder Toolbar "ICQToolbar" = ICQ Toolbar "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "QuickTime 3.0" = QuickTime 3.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.10 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Dropbox" = Dropbox "GeoGebra 4" = GeoGebra 4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.06.2012 13:00:01 | Computer Name = Kendra-PC | Source = Windows Backup | ID = 4103 Description = Error - 21.06.2012 14:03:30 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0x01cd4fc0325a704b Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 682b0b3e-bbcb-11e1-b61c-6c626d492863 Error - 22.06.2012 03:58:51 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4ac ID des fehlerhaften Prozesses: 0xdc8 Startzeit der fehlerhaften Anwendung: 0x01cd5048318f3fd3 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 1a480af6-bc40-11e1-9d2a-6c626d492863 Error - 22.06.2012 13:23:12 | Computer Name = Kendra-PC | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x66f82fb9] Bitte Avira informieren und die obige Datei übersenden! Error - 22.06.2012 15:27:39 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x001a4b75 ID des fehlerhaften Prozesses: 0x14cc Startzeit der fehlerhaften Anwendung: 0x01cd50ab8de15eac Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 53b6eee0-bca0-11e1-8828-6c626d492863 Error - 24.06.2012 12:48:51 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel: 0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001604c ID des fehlerhaften Prozesses: 0x4fc Startzeit der fehlerhaften Anwendung: 0x01cd522930bcc367 Pfad der fehlerhaften Anwendung: K:\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 794f1b06-be1c-11e1-9547-6c626d492863 Error - 24.06.2012 13:44:11 | Computer Name = Kendra-PC | Source = Windows Backup | ID = 4104 Description = Error - 24.06.2012 14:47:15 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel: 0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001604c ID des fehlerhaften Prozesses: 0x10d4 Startzeit der fehlerhaften Anwendung: 0x01cd5239bca72dc6 Pfad der fehlerhaften Anwendung: K:\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 03ec44bf-be2d-11e1-a672-6c626d492863 Error - 24.06.2012 14:47:24 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel: 0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001604c ID des fehlerhaften Prozesses: 0x12f8 Startzeit der fehlerhaften Anwendung: 0x01cd5239c9fdfad4 Pfad der fehlerhaften Anwendung: K:\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 096a0868-be2d-11e1-a672-6c626d492863 Error - 24.06.2012 14:58:59 | Computer Name = Kendra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.80, Zeitstempel: 0x4f6b9931 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001604c ID des fehlerhaften Prozesses: 0x328 Startzeit der fehlerhaften Anwendung: 0x01cd523b631d25df Pfad der fehlerhaften Anwendung: K:\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: a7a406e8-be2e-11e1-a672-6c626d492863 [ OSession Events ] Error - 15.02.2011 15:38:29 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.02.2011 15:38:37 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.02.2011 15:38:45 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.02.2011 15:38:51 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.02.2011 15:39:01 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.02.2011 12:55:46 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.04.2011 08:14:14 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.12.2011 10:30:25 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.12.2011 13:38:01 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.12.2011 17:03:56 | Computer Name = Kendra-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.05.2012 05:04:38 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:04:38 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:04:38 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:04:38 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:07:18 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:07:18 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:07:19 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 18.05.2012 05:07:19 | Computer Name = Kendra-PC | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 47. Error - 05.06.2012 14:09:14 | Computer Name = Kendra-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 07.06.2012 04:36:28 | Computer Name = Kendra-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?06.?2012 um 10:23:37 unerwartet heruntergefahren. < End of report > PS.: ich weiß leider nicht mehr wie man das in diesen tollen platzsparenden scrollfenstern einfügt (habs auch nicht gefunden) wäre über einen rat diesbezüglich dankbar, und hoffe das ihr mir auch bei meinem "kleinen virus" wieder helfen könnt möglichst ohne datenverlust und co..  Pondiki |
| Themen zu desktop gesperrt, zahlung 100euro verlangt für freigabe (ähnlich bka-ukash) |
| antivir, aufsuchen, avira, bho, bka/ukash, blockiert, conduit, converter, desktop, error, euro, firefox, firefox 13.0.1, flash player, google earth, helper.exe, home, internet, logfile, microsoft office word, mp3, nodrives, office 2007, pando media booster, picasa, plug-in, problem, realtek, registry, scan, security, senden, software, taskhost.exe, teamspeak, warnung, windows, zahlung |
Baum-Darstellung