| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer gesperrt - 100 Euro überweisenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.07.2012, 19:21
| #1 |
| |  Computer gesperrt - 100 Euro überweisen Hi, hab mir auch so einen Trojaner eingefangen, der den PC gesperrt hat. Mit Malewarebytes geht es wieder, wollte jetzt auch OLT ausführen, aber da stand, dass man nicht die Scripte von anderen nehmen soll. MfG und Danke im voraus Kriz Anbei der Maleware-Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.09 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 7.0.6002.18005 Jürgen :: JÜRGEN-PC [Administrator] 23.07.2012 18:24:08 mbam-log-2012-07-23 (18-24-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410985 Laufzeit: 1 Stunde(n), 4 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|recdisc (Trojan.Agent.3D) -> Daten: C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll (PUP.FunWebProducts) -> Keine Aktion durchgeführt. C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00OMB1YM\Everest%20Poker[1].exe (PUP.Casino) -> Keine Aktion durchgeführt. C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\TMP0000000FCF76AA0CEC833F71 (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 23.07.2012 20:44:44 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jürgen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free 2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32 Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.17 15:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2008.04.13 19:23:22 | 000,308,552 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuard.exe PRC - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.04.23 05:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Programme\maus\SetPoint\SetPoint.exe PRC - [2007.04.11 16:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2007.02.08 20:13:50 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\TV Enhance\TVEService.exe PRC - [2007.02.04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe PRC - [2006.12.07 02:33:56 | 000,820,736 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe PRC - [2006.12.01 14:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.23 16:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.08.23 17:55:12 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2011.06.14 01:52:21 | 000,329,272 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\ppgooglenaclpluginchrome.dll MOD - [2011.06.14 01:52:20 | 003,649,592 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\pdf.dll MOD - [2011.06.14 01:50:47 | 000,104,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avutil-50.dll MOD - [2011.06.14 01:50:45 | 000,203,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avformat-52.dll MOD - [2011.06.14 01:50:43 | 001,846,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avcodec-52.dll MOD - [2007.05.22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.02.08 20:14:22 | 000,339,968 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLTinyDB.dll MOD - [2007.02.08 20:14:06 | 000,237,658 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapEngine.dll MOD - [2007.02.08 20:14:06 | 000,114,772 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLSchMgr.dll MOD - [2007.02.08 20:14:06 | 000,032,768 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapSvcps.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.23 20:12:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008.09.20 13:05:49 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan) SRV - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.03.20 12:24:58 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy) SRV - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.28 13:03:57 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc) SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2007.11.06 21:00:00 | 008,230,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.10.28 13:04:05 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.04.11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.04.11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.04.11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007.01.27 12:06:54 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys -- (Reconn) DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt) DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32) DRV - [2006.09.28 23:41:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SUNA_deDE235&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z600txG2ZrVf0P0waeNLih3vIeE?q={searchTerms} IE - HKCU\..\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2007.08.13 18:42:07 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: TelevisionFanatic Installer Plugin Stub (Enabled) = C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: DhcpNameServer = 217.68.161.141 217.68.161.171 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.23 20:11:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.07.23 19:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.23 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.07.23 18:22:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.23 18:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.23 18:17:34 | 005,249,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.21 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\hellomoto [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.23 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 20:42:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.23 20:14:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.07.23 19:57:08 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job [2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 19:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.23 19:31:44 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys [2012.07.23 18:17:34 | 005,249,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.17 14:52:00 | 000,007,728 | ---- | M] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat [2012.07.16 11:15:42 | 000,014,848 | ---- | M] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps [2012.07.16 11:15:42 | 000,005,026 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.07.13 09:20:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.13 09:20:21 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.13 09:20:21 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.13 09:20:21 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.12 11:28:23 | 000,395,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.12 11:24:42 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr [2012.07.07 22:51:09 | 006,761,472 | ---- | M] () -- C:\Users\Jürgen\Documents\Hannelore.wps [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.23 19:57:08 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.23 19:53:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 19:31:44 | 1072,160,768 | -HS- | C] () -- C:\hiberfil.sys [2012.07.16 11:15:42 | 000,014,848 | ---- | C] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps [2012.07.12 11:20:00 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr [2012.07.07 22:51:08 | 006,761,472 | ---- | C] () -- C:\Users\Jürgen\Documents\Hannelore.wps [2009.12.12 22:19:18 | 000,000,234 | ---- | C] () -- C:\Users\Jürgen\Goya.ini [2007.11.18 15:37:42 | 000,292,069 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\mdb.bin [2007.10.02 15:45:47 | 000,852,480 | -HS- | C] () -- C:\Users\Jürgen\ehthumbs_vista.db [2007.05.08 17:49:46 | 009,794,421 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\UserTile.png [2007.04.17 19:35:40 | 000,000,034 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\Default.PLS [2007.04.01 11:39:35 | 000,007,728 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat [2007.03.25 22:15:43 | 000,054,272 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.25 16:24:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT [2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav [2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jürgen\AppData\Roaming\Drums [2007.03.25 16:19:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT [2007.03.25 16:19:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Equalizer [2007.03.25 14:35:45 | 000,005,026 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2009.07.12 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\BullGuard [2011.08.23 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Canon [2010.08.13 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\CD-LabelPrint [2012.07.21 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\hellomoto [2008.02.21 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX [2008.02.20 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX-Fotobuch [2007.06.03 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\muvee Technologies [2007.03.25 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nikon [2007.12.05 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\ScanSoft [2010.03.14 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template [2007.03.25 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\TVcentral-Core [2007.03.25 15:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Ulead Systems [2012.07.22 05:34:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.07.2012 20:44:44 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free
2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AB0C72-BA61-4ACC-8A05-E23381C67587}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{24DA8DA6-2CA6-43C5-8007-A77F2D01D229}" = lport=445 | protocol=6 | dir=in | app=system |
"{31222795-AFE2-46C2-BDC7-1ED19B577BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3495AA1D-0350-4212-8134-10CBEF44410D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{410204F3-A619-40B3-A9B7-1624168DE2F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{4174D69D-5CC3-4BB6-ABC5-5D6D7DA25D48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57C95527-FD1C-433F-BF88-7D622BE65253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71CDE941-97F3-4BA5-B560-62E4CA8BB128}" = lport=138 | protocol=17 | dir=in | app=system |
"{84B15899-52E2-4901-A406-AD7D8B22C52E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8BD35B35-8229-4DA9-8B94-A9B156CEE352}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EFEA8AF-865E-44A7-B3EF-208EB8380877}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8FB94EA2-78E9-4C14-B512-00601DD2F2DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95045D2D-4EB6-48E3-85EE-782AE1AE883E}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAA51D81-AEAA-4D0D-8F4E-C6AFCEC640F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB2E8AFB-8421-40FC-980A-771A432FA2D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D13D9073-39F1-4D24-B711-0A6208B48F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC8284CA-D7FA-4097-AC86-B4B384627601}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F9FFEA09-8CAB-493A-87FA-BEF6E6D9EDCD}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE46932-64F5-4239-8EB5-2548D18888D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe |
"{1433B4E2-E8F7-4FAB-89EF-010FE1FA6B77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe |
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe |
"{9DC8466E-A673-41F0-B2E5-551C1E2D89B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0117510-2CF3-4FF6-BA36-D964A291FBF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9341E55-7242-41F1-BEF2-C6A79D665A16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{11BC7474-4BF3-473F-BE38-3332B037E4D7}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{9BE8E041-97EB-42E0-BB17-3508C947BB7D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F4C67051-BF69-4317-BEBB-AFB0014AD6F6}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{BAF25AB1-DB0F-4905-8723-388284D00446}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C7ABAC27-1D72-490E-89EF-E743892E9479}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{CA7320D2-D660-4B8B-A432-84C7BA5566C3}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{29CBFC23-05A7-4286-93B8-BABE29BC1031}" = Nero 7 Essentials
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D)
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"BullGuard" = BullGuard 7.0 for Vista
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex extraction audio
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla" = FileZilla (remove only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Skype_is1" = eBay.de - Skype 3.0
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:38:55 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:17 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:19 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 23.07.2012 12:13:30 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:13:39 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:13:42 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:07 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:26 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.07.2012 12:34:38 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 13:35:45 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 23.07.2012 13:42:35 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
|
| Themen zu Computer gesperrt - 100 Euro überweisen |
| 2.0.7, administrator, anti-malware, appdata, autostart, canon, code, computer, dateien, ebay.de, euro, explorer, files, gelöscht, gen, gesperrt, heuristiks/extra, heuristiks/shuriken, install.exe, intranet, malwarebytes, microsoft, microsoft office word, plug-in, quarantäne, scripte, searchscopes, service, service pack 2, software, speicher, tmp, trojaner, version, vista |
Baum-Darstellung