| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 100 Euro wegen angeblicher illegaler Sachen bezahlenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.08.2012, 07:40
| #1 |
 |  100 Euro wegen angeblicher illegaler Sachen bezahlen Hallo miteinander, meine Schwester hat mir ihren Laptop vorbei gebracht da sie vorgestern Abend beim surfen im Internet die Meldung bekam, das sie illligalen Sachen auf dem Laptop angeblich machen soll und dafür 100 Euro zahlen muss bevor der Rechner entsperrt wird. Gleich den Rechner ausgeschaltet und diverse Scans durchlaufen lassen. Hier mal die Logs dazu: OTL Log: Code:
ATTFilter OTL logfile created on: 12.08.2012 02:04:23 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Admin\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,80% Memory free 5,98 Gb Paging File | 5,10 Gb Available in Paging File | 85,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,78 Gb Total Space | 151,97 Gb Free Space | 65,29% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 218,39 Gb Free Space | 93,78% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.11 22:59:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2012.07.05 20:37:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.06 13:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.11.10 17:57:00 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2009.11.05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2009.11.05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 23:56:26 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.09.08 23:56:00 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2007.05.31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.08.11 02:41:07 | 000,217,088 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\update00.b.exe MOD - [2012.06.14 11:22:07 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.14 11:21:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 11:21:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.11 03:21:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 03:20:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 03:20:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 03:20:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 03:19:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.08.09 22:01:02 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3538.38534__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010.08.09 22:01:02 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3538.38505__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010.08.09 22:01:02 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3538.38415__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:02 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3538.38435__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.08.09 22:01:02 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3538.38504__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:02 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.08.09 22:01:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3538.38485__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3538.38424__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:02 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3538.38467__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3538.38505__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3538.38504__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3538.38429__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.08.09 22:01:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3538.38458__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010.08.09 22:01:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3538.38424__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 001,011,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3538.38530__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3538.38460__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3538.38436__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3538.38480__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.08.09 22:01:01 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3538.38454__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3538.38466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3538.38440__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010.08.09 22:01:01 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3538.38435__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.08.09 22:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3538.38465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010.08.09 22:01:01 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3538.38460__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.08.09 22:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3538.38465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3538.38440__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.08.09 22:01:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3538.38466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.08.09 22:01:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.08.09 22:01:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.08.09 22:01:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.08.09 22:01:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.08.09 22:01:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.08.09 22:01:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010.08.09 22:01:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.08.09 22:01:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.08.09 22:01:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.08.09 22:01:01 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.08.09 22:01:00 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3538.38420__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.08.09 22:01:00 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3538.38429__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.08.09 22:01:00 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3538.38499__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.08.09 22:01:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3538.38498__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.08.09 22:01:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3538.38414__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.08.09 22:01:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3538.38413__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.08.09 22:01:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.08.09 22:01:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3538.38510__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.08.09 22:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.08.09 22:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.08.09 22:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.08.09 22:01:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.08.09 22:01:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010.08.09 22:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.08.09 22:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.08.09 22:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.08.09 22:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.08.09 22:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.08.09 22:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.08.09 22:01:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3538.38413__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.08.09 22:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3538.38411__90ba9c70f846762e\APM.Server.dll MOD - [2010.08.09 22:00:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3538.38412__90ba9c70f846762e\AEM.Server.dll MOD - [2010.08.09 22:00:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.08.09 22:00:59 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3538.38499__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.11.03 13:26:26 | 000,058,680 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\Hotkey\FnZ.dll MOD - [2009.10.18 15:20:10 | 007,980,344 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2009.05.04 10:45:14 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.02 22:58:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.07.20 14:24:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.05 20:37:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.06 13:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.11.05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.08 23:56:00 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2012.08.12 00:56:53 | 000,100,864 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\aglorpod.sys -- (aglorpod) DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.27 01:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.09.22 17:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.09.17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.09.09 00:31:10 | 005,174,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.24 15:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.02 14:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2009.06.22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect) DRV - [2009.05.20 18:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.10 FF - prefs.js..extensions.enabledItems: sam@samfind.com:2.2.4 FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7 FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.93.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 14:24:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 14:24:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.26 00:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.08.26 00:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 12:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\av6hgwk7.default\extensions [2012.02.04 12:00:41 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\av6hgwk7.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2012.01.01 17:14:43 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\av6hgwk7.default\extensions\2020Player_IKEA@2020Technologies.com [2011.12.18 23:20:48 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\av6hgwk7.default\extensions\sam@samfind.com [2012.02.27 04:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.25 17:38:38 | 000,060,945 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AV6HGWK7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.07.20 14:24:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.20 14:24:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.20 14:24:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.20 14:24:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.20 14:24:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 14:24:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 14:24:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3B90EB-3275-4F0B-B581-485F2B9EDFFE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F368BAC2-682F-4EEF-8FF5-3A0719FF689F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\Shell - "" = AutoRun O33 - MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\Shell\AutoRun\command - "" = F:\EasySuite.exe O33 - MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\Shell - "" = AutoRun O33 - MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\Shell\AutoRun\command - "" = F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 00:56:53 | 000,100,864 | ---- | C] (GMER) -- C:\aglorpod.sys [2012.08.12 00:52:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.08.12 00:52:22 | 007,239,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-rules.exe [2012.08.10 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\microSD-Karteninhalt [2012.08.10 19:37:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\mp3 [2012.08.02 22:58:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012.07.29 19:37:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira [2012.07.29 19:34:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.29 19:34:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.29 19:34:52 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.29 19:34:52 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.29 19:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.29 19:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.07.19 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Gemeinsame Dateien\Documents\PcSetup [2012.07.19 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PearlMountainSoft [2012.07.19 22:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PearlMountainSoft [2012.07.19 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\.jordan [2012.07.18 18:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2012.07.18 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2012.07.18 02:32:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVS4YOU [2012.07.18 02:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.07.18 02:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2012.07.18 02:08:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\ostern [2012.07.18 02:01:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Auswahl Danksagung [2012.07.17 16:53:44 | 000,000,000 | ---D | C] -- C:\output [2012.07.17 16:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann-Software [2012.07.16 02:03:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A28F694-CF93-4789-8FF4-14388B5EC348} [2012.07.16 02:02:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{80805DBD-070A-4352-81F2-DEB8431E6D00} [2012.07.16 00:25:18 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.07.16 00:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.07.16 00:18:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bilder Hochzeit [2012.07.16 00:13:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.16 00:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.07.16 00:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.09.08 08:54:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Admin\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.08.12 00:56:53 | 000,100,864 | ---- | M] (GMER) -- C:\aglorpod.sys [2012.08.12 00:53:14 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.08.12 00:37:55 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 00:37:55 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 00:30:11 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2012.08.12 00:30:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2012.08.12 00:30:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 00:29:56 | 2407,743,488 | -HS- | M] () -- C:\hiberfil.sys [2012.08.12 00:16:09 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2012.08.11 23:40:21 | 003,762,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.11 23:02:32 | 007,239,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-rules.exe [2012.08.11 23:02:28 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.08.11 23:00:46 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\j05umww4.exe [2012.08.11 22:59:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.08.11 02:46:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad [2012.08.11 02:41:11 | 000,001,889 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.10 19:43:43 | 000,694,664 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.08.10 19:43:43 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.10 19:43:43 | 000,623,378 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2012.08.10 19:43:43 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.10 19:43:43 | 000,130,374 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.08.10 19:43:43 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.10 19:43:43 | 000,122,022 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2012.08.10 19:43:43 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.21 19:00:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad [2012.07.19 22:18:10 | 000,087,608 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\inst.exe [2012.07.19 22:18:10 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Admin\AppData\Roaming\pcouffin.sys [2012.07.19 22:18:10 | 000,007,887 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\pcouffin.cat [2012.07.19 22:18:10 | 000,001,144 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\pcouffin.inf [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.17 16:58:39 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk ========== Files Created - No Company Name ========== [2012.08.12 00:53:14 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.08.12 00:52:26 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.08.12 00:52:21 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\j05umww4.exe [2012.08.11 02:41:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad [2012.08.11 02:41:11 | 000,001,889 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.21 04:06:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad [2012.07.17 16:58:39 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk [2012.07.16 00:24:39 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.07.16 00:24:13 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.07.05 14:05:34 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2012.07.05 14:05:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe [2012.05.20 11:52:37 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat [2012.05.20 11:52:36 | 000,623,378 | ---- | C] () -- C:\Windows\System32\perfh005.dat [2012.05.20 11:52:36 | 000,122,022 | ---- | C] () -- C:\Windows\System32\perfc005.dat [2012.05.20 11:52:36 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat [2012.05.20 11:38:25 | 000,694,664 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2012.05.20 11:38:25 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2012.05.20 11:38:25 | 000,130,374 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2012.05.20 11:38:25 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2012.02.25 18:36:59 | 000,002,650 | ---- | C] () -- C:\Windows\mozver.dat [2011.10.12 23:24:52 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.08.11 01:05:22 | 000,000,058 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\you.bmp [2011.08.09 03:38:43 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.05.27 14:42:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.27 14:40:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.20 22:31:50 | 000,004,096 | -H-- | C] () -- C:\Users\Admin\AppData\Local\keyfile3.drm [2011.02.19 04:13:45 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.09.08 08:55:45 | 000,001,057 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\vso_ts_preview.xml [2010.09.08 08:54:12 | 000,087,608 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\inst.exe [2010.09.08 08:54:12 | 000,007,887 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\pcouffin.cat [2010.09.08 08:54:12 | 000,001,144 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\pcouffin.inf ========== LOP Check ========== [2011.02.19 01:21:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AnvSoft [2011.04.22 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon [2011.12.19 20:41:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2011.02.19 03:24:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.02.18 22:57:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.29 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EasySuite [2010.08.31 10:26:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.09.05 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo [2012.07.19 22:07:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PearlMountainSoft [2012.08.03 22:03:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhotoScape [2011.08.17 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Reba [2011.02.19 04:13:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SourceTec [2011.08.03 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.02.06 03:07:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2010.08.26 00:05:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2010.09.05 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\toshiba [2011.02.19 00:47:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2012.07.19 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vso [2010.08.09 21:44:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch [2011.08.19 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zoed [2012.08.11 23:40:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.08.2012 00:58:29 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Admin\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,51% Memory free
5,98 Gb Paging File | 5,16 Gb Available in Paging File | 86,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 151,98 Gb Free Space | 65,29% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 218,39 Gb Free Space | 93,78% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B55E6EC-4F34-431F-97E1-A5CFFE45564E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D63D4B1-2220-4ABE-AEFA-325368CB7644}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3632CD2A-986A-4E1A-BF9A-A29E40D82612}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E323E7C-4812-4E0F-BD44-9AD33BC0E218}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{42110BFD-A377-44B1-B509-05734E887A6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{467139A8-62B5-49CF-9072-74C4B969BCBD}" = rport=138 | protocol=17 | dir=out | app=system |
"{47EFD7A8-6433-4339-888E-9697672D2471}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EB9ACAA-D10E-444C-9CDD-8C013985E0B7}" = lport=445 | protocol=6 | dir=in | app=system |
"{5C0DDF7A-CEB7-405B-A404-1D3AE8A6C63A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61AE96D2-DCBD-4684-985E-49FE47F80EB7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{631D1768-A4A5-4497-BAD7-63C3767321F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{63D1E5A0-9D4C-43AD-8F19-29ADC4BC6ED5}" = rport=139 | protocol=6 | dir=out | app=system |
"{705999CD-0025-485A-B337-B5E9A50DF890}" = lport=138 | protocol=17 | dir=in | app=system |
"{746A7BFD-1B1B-426D-A726-EE6868D6A7DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F6167F4-967F-4433-87E8-693E66472A08}" = rport=445 | protocol=6 | dir=out | app=system |
"{B94F3B3B-018D-41A2-9166-E0D56F17F605}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBE9D28F-00C9-4BF2-B171-7A64C3FE1444}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4299EE3-CD02-4404-8C53-8B4F63CB50EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0FF0B8C-3544-4ECB-B999-02CF747E8152}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1B22780-CB48-4444-B4E2-4C38A6610B77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE0A3F5F-4C72-423F-8FC3-9306B71379DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F447F5F2-40A9-4537-BB4E-E4F91270948F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FA6D8F57-232F-476A-ABBC-A758239E1B87}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0759F2B1-EFBB-4B4E-A0B4-98FBF8378B66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09797BEC-905D-48D0-9E4B-592E19475B0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1148EBC0-0029-46A3-BA0D-8A4B63B37E4A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1265438D-A5AD-44E2-9202-298ACA10E550}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C890B21-D01E-46D6-BAAA-F4EF06A4D887}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43C4676D-022D-42E5-8D1B-A664843AAC8F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{51894CE3-BDD2-46C5-80B3-6A234C6379AB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5FE95DE0-4F27-4C09-BF1F-DFF4942CEDDE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{635677F6-7790-4A4B-B01D-E606A369BFB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{696F6C16-BE9B-406D-A0C5-C7011D616599}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F316ECE-07F2-4BFA-BF43-E6C50B9E8FB7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8078AD41-9E6D-43D4-9026-5699399C60F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{9E843E82-84E1-4567-8258-8D893730AF2A}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{A4BAD7BD-D425-4B5B-80D8-28C46DC213DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7D6668C-D42E-4D06-A0DE-A6841FA0B335}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{AC3F9E73-4BF1-442D-87AE-4C3BB5685E68}" = protocol=6 | dir=out | app=system |
"{AEDEFF62-897E-49A3-BFD6-6AD68BD7098F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B7C4CFE9-5039-49FF-9777-23AF62C2ED28}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BA97969A-A3A5-4613-B30D-3D78489E74CC}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{BF2E0808-DC92-4D41-B808-01200BDE25A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9D777FA-5F91-46FA-92B9-961E67C58A18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5034905-1556-4170-962E-B6D034A7D084}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8566CFC-D0DD-46EB-BB15-946CAF556A7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED276795-0E87-4855-A5D9-6BE13B67A5F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F26E6F77-F378-41F5-8524-7BB73EDA0C05}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F82ED5AB-92D4-4A0C-B4EF-2A9FFBEB979F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FBA8CDB9-E75B-4B0F-9A26-97229D554297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC5CE944-740E-4F5F-9A97-593335722D64}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{40A76A9F-ED1A-4DC0-A80F-35234BB2C971}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{469B139E-3455-4510-BD0E-998783D2D8FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{12B4A53D-33D0-46D7-A6F9-F5F2D1E402C1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{143AA7DA-7E79-4368-8D7A-85602F1D1F04}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00763F56-1FE5-DA9F-A43E-53F5D46D6E7E}" = CCC Help Dutch
"{02F2BA99-3AFA-F0E6-969B-E6443A469967}" = Catalyst Control Center InstallProxy
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{084144E0-8719-9E07-49F9-D728A7533B32}" = CCC Help Russian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB58D13-A9CB-7599-DE28-D17205A3D381}" = Catalyst Control Center Graphics Previews Common
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1901B979-96F2-3330-D875-4803F233CF47}" = CCC Help Finnish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2404C7F8-65CC-9408-F08E-73996B998A7D}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{290CD70B-6E45-7381-CDC4-45E582F49C60}" = Catalyst Control Center Graphics Previews Vista
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFDADDF-5107-5CB7-1E9C-66E881680F25}" = CCC Help Turkish
"{320F5494-8DB9-10CD-6122-05299B9A4DAD}" = Catalyst Control Center Graphics Full New
"{327302DA-42B3-CF80-A242-E7E16FB6BB91}" = ATI Catalyst Install Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39987616-5DF2-CDFA-761C-75E66743CE80}" = CCC Help Portuguese
"{3BCF8458-04BA-EBB7-3EDD-BFD188230DBE}" = CCC Help Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45D6FC55-A7CA-1EEA-C038-70998C3D190A}" = CCC Help Spanish
"{46D0CFB0-D3F7-6D32-8FBF-2F848F7ECA79}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D76C6A4-A8AC-B6FF-C334-E6CBB7471C44}" = Catalyst Control Center Core Implementation
"{53173451-0DDE-97E9-B6FE-1D068DBF2AF8}" = CCC Help Chinese Standard
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67753C59-3BB3-7CBB-7B10-F47CE982082F}" = CCC Help German
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABF4A27-C269-88EB-1CA8-5A1D78A2FF08}" = ccc-core-static
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{767F1CF5-6140-BCF3-549E-69B273099EC9}" = CCC Help Polish
"{7C4F9145-AEDA-55D4-3F5F-BCA89EA300E2}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D3D00A7-F448-D3A3-BC79-CD603AEBC2F5}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9817543D-592D-CDA9-B8E5-E7BB8DA63F45}" = CCC Help Chinese Traditional
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9DA30596-3A38-06B3-5EA2-8AF4B4FE27F2}" = CCC Help Hungarian
"{A0A61E1A-47BA-DD0F-8B31-2BA14B059258}" = CCC Help Japanese
"{A2690E7C-D909-4AE6-7C84-F1AC267A9020}" = Catalyst Control Center Graphics Full Existing
"{A35391E7-4D75-FD08-CBE4-0A9DFB944294}" = CCC Help Korean
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B5ACFC20-FA4B-3448-431E-D0107C55E435}" = CCC Help English
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D05CD952-F58E-D2AC-D6EA-4178331A356C}" = CCC Help Thai
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D408ADFE-DC5B-CA9A-4131-E4D870B07354}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8B28B89-FF29-9092-19BC-B2B6779FFA9F}" = Catalyst Control Center Localization All
"{EB46ED09-96A4-3768-D924-B0A105B91D0A}" = ccc-utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7776077-24D8-A51B-1580-46BB742EE0BC}" = CCC Help Greek
"{F92DCCC1-0371-916E-78A3-BF9788D39152}" = CCC Help French
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DF CrcSfv_is1" = DF CrcSfv 1.3
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoScape" = PhotoScape
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.08.2012 18:39:37 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\tc40097100a.temp\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:39:59 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pfta6cb~tmp\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:40:00 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pfta6cb~tmp\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:40:03 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pfta6cb~tmp\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:40:16 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pftced4~tmp\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:40:16 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pftced4~tmp\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.08.2012 18:40:20 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Admin\AppData\Local\Temp\pftced4~tmp\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2012 17:41:06 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TOSHIBA\TOSHIBA
Web Camera Application\TWebCamera.exe". Die abhängige Assemblierung "Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2012 18:16:40 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TOSHIBA\TOSHIBA
Web Camera Application\TWebCamera.exe". Die abhängige Assemblierung "Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2012 18:30:23 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TOSHIBA\TOSHIBA
Web Camera Application\TWebCamera.exe". Die abhängige Assemblierung "Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 29.08.2010 11:11:15 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 17:11:09 - Fehler beim Herstellen der Internetverbindung. 17:11:09
- Serververbindung konnte nicht hergestellt werden..
Error - 29.09.2010 09:02:51 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:02:50 - Fehler beim Herstellen der Internetverbindung. 15:02:50
- Serververbindung konnte nicht hergestellt werden..
Error - 29.09.2010 09:03:01 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:02:56 - Fehler beim Herstellen der Internetverbindung. 15:02:56
- Serververbindung konnte nicht hergestellt werden..
Error - 21.10.2010 09:24:49 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:24:43 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 13.01.2011 13:28:48 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 18:28:47 - Fehler beim Herstellen der Internetverbindung. 18:28:48
- Serververbindung konnte nicht hergestellt werden..
Error - 13.01.2011 13:28:57 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 18:28:53 - Fehler beim Herstellen der Internetverbindung. 18:28:53
- Serververbindung konnte nicht hergestellt werden..
Error - 13.01.2011 14:29:04 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 19:29:04 - Fehler beim Herstellen der Internetverbindung. 19:29:04
- Serververbindung konnte nicht hergestellt werden..
Error - 13.01.2011 14:29:12 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 19:29:09 - Fehler beim Herstellen der Internetverbindung. 19:29:09
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2011 16:07:24 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 21:07:24 - Fehler beim Herstellen der Internetverbindung. 21:07:24
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2011 16:08:29 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 21:07:29 - Fehler beim Herstellen der Internetverbindung. 21:07:29
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.08.2012 18:16:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 11.08.2012 18:16:09 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Echtzeit Scanner erreicht.
Error - 11.08.2012 18:16:09 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.08.2012 18:19:51 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2012 um 00:17:50 unerwartet heruntergefahren.
Error - 11.08.2012 18:30:07 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2012 um 00:22:38 unerwartet heruntergefahren.
Error - 11.08.2012 18:30:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Planer erreicht.
Error - 11.08.2012 18:30:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 11.08.2012 18:30:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Echtzeit Scanner erreicht.
Error - 11.08.2012 18:30:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.08.2012 18:32:51 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-12 08:15:18
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2500BH_G2 rev.00400018
Running: j05umww4.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- System - GMER 1.0.15 ----
SSDT 914C86AE ZwCreateSection
SSDT 914C86B8 ZwRequestWaitReplyPort
SSDT 914C86B3 ZwSetContextThread
SSDT 914C86BD ZwSetSecurityObject
SSDT 914C86C2 ZwSystemDebugControl
SSDT 914C864F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832763C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832AFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832B6EAC 4 Bytes [AE, 86, 4C, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832B7208 4 Bytes [B8, 86, 4C, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832B724C 4 Bytes [B3, 86, 4C, 91] {MOV BL, 0x86; DEC ESP; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832B72C8 4 Bytes [BD, 86, 4C, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832B731C 4 Bytes [C2, 86, 4C, 91] {RET 0x4c86; XCHG ECX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B9B1000, 0x3C849, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B9F6000, 0x3DC, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91C21000, 0x2DED1E, 0xE8000020]
PAGE peauth.sys 9C82CC47 20 Bytes [7B, 16, CB, A6, E9, 60, B6, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateWindowExW 76F1EC7C 5 Bytes JMP 6B5538A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamW 76F33B9B 5 Bytes JMP 6B487F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamW 76F43B7F 5 Bytes JMP 6B68FEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamA 76F5CF42 5 Bytes JMP 6B68FE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamA 76F5D274 5 Bytes JMP 6B68FF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectA 76F6E869 5 Bytes JMP 6B68FE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectW 76F6E963 5 Bytes JMP 6B68FDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExA 76F6E9C9 5 Bytes JMP 6B68FD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExW 76F6E9ED 5 Bytes JMP 6B68FCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CallNextHookEx 76F1ABE1 5 Bytes JMP 6B4C3CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!UnhookWindowsHookEx 76F1ADF9 5 Bytes JMP 6B57D91F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!SetWindowsHookExW 76F1E30C 5 Bytes JMP 6B517DE1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CreateWindowExW 76F1EC7C 5 Bytes JMP 6B5538A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamW 76F33B9B 5 Bytes JMP 6B487F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamW 76F43B7F 5 Bytes JMP 6B68FEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamA 76F5CF42 5 Bytes JMP 6B68FE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamA 76F5D274 5 Bytes JMP 6B68FF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectA 76F6E869 5 Bytes JMP 6B68FE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectW 76F6E963 5 Bytes JMP 6B68FDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExA 76F6E9C9 5 Bytes JMP 6B68FD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExW 76F6E9ED 5 Bytes JMP 6B68FCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] ole32.dll!OleLoadFromStream 75DC6143 5 Bytes JMP 6B69024B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3488] ole32.dll!CoCreateInstance 75E09D0B 5 Bytes JMP 6B553432 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -597617216
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30242832
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -597461216
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30242832
---- EOF - GMER 1.0.15 ----
|
|
13.08.2012, 13:17
| #2 |
| /// Helfer-Team  | 100 Euro wegen angeblicher illegaler Sachen bezahlen Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - [2012.08.11 02:41:07 | 000,217,088 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\update00.b.exe
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.10
FF - prefs.js..extensions.enabledItems: sam@samfind.com:2.2.4
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.93.0
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\Shell - "" = AutoRun
O33 - MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\Shell - "" = AutoRun
O33 - MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\Shell\AutoRun\command - "" = F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
[2012.08.12 00:30:11 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012.08.11 23:00:46 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\j05umww4.exe
[2012.08.11 02:46:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad
[2012.08.11 02:41:11 | 000,001,889 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.21 19:00:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 22:18:10 | 000,087,608 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\inst.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
14.08.2012, 10:15
| #3 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen Danke erstmal für die Antwort. Habe die Schritte durchgeführt und hier sind die Logs.
__________________BEi MAM habe ich die Funde allerdings nicht gelöscht sondern so gelassen wie es ist. Oder sollte ich diese etwa löschen? Hier die Logs: OTL Log: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.10 removed from extensions.enabledItems
Prefs.js: sam@samfind.com:2.2.4 removed from extensions.enabledItems
Prefs.js: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7 removed from extensions.enabledItems
Prefs.js: 2020Player_IKEA@2020Technologies.com:5.0.93.0 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f462078-c792-11df-832a-705ab6c6043b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f462078-c792-11df-832a-705ab6c6043b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f462078-c792-11df-832a-705ab6c6043b}\ not found.
File F:\EasySuite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66fa7604-74e0-11e1-9a51-705ab6c6043b}\ not found.
File F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 not found.
C:\Windows\System32\rpcnetp.exe moved successfully.
File C:\Users\Admin\Desktop\j05umww4.exe not found.
File C:\ProgramData\00etadpu.pad not found.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
File C:\ProgramData\kp_0loor.pad not found.
File C:\Users\Admin\AppData\Roaming\inst.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 166356 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 240222938 bytes
->FireFox cache emptied: 55094381 bytes
->Flash cache emptied: 459852 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 203413773 bytes
RecycleBin emptied: 14327662739 bytes
Total Files Cleaned = 14.140,00 mb
[EMPTYFLASH]
User: Admin
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_001507
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/14/2012 at 10:54:21
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Admin\AppData\Local\Babylon
Folder Found : C:\Users\Admin\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Babylon
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\av6hgwk7.default\prefs.js
Found : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.DownloadedArray_67.name", "?Babylon_zoo___Spa[...]
*************************
AdwCleaner[R1].txt - [1268 octets] - [14/08/2012 10:54:21]
########## EOF - C:\AdwCleaner[R1].txt - [1396 octets] ##########
Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/14/2012 at 10:55:18
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Admin\AppData\Local\Babylon
Folder Deleted : C:\Users\Admin\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\av6hgwk7.default\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\av6hgwk7.default\user.js ... Deleted !
Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.DownloadedArray_67.name", "?Babylon_zoo___Spa[...]
*************************
AdwCleaner[R1].txt - [1397 octets] - [14/08/2012 10:54:21]
AdwCleaner[S1].txt - [1444 octets] - [14/08/2012 10:55:18]
########## EOF - C:\AdwCleaner[S1].txt - [1572 octets] ##########
|
|
14.08.2012, 11:50
| #4 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
14.08.2012, 13:47
| #5 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen So hier ist erst mal der MAM Log nachgereicht: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.13.04 Windows 7 Service Pack 1 x86 FAT Internet Explorer 8.0.7601.17514 Admin :: ADMIN-PC [Administrator] 14.08.2012 11:14:59 mbam-log-2012-08-14 (13-51-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354189 Laufzeit: 2 Stunde(n), 32 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 1 C:\_OTL\MovedFiles\08142012_000434\C_Users\Admin\AppData\Local\Temp\update00.b.exe (Trojan.Inject) -> Keine Aktion durchgeführt. (Ende) Edit: Update hat jetzt geklappt. Mfg Leider kann man nicht mehr editieren, daher hier die Emsisoft Anti Malware Log: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 14.08.2012 15:16:38
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 14.08.2012 15:22:27
c:\recycle.bin\ gefunden: Trace.File.spyeye!E1
C:\_OTL\MovedFiles\08142012_000434\C_Users\Admin\AppData\Local\Temp\update00.b.exe gefunden: Trojan.Win32.Agent.AMN!E1
C:\Users\Admin\Desktop\microSD-Karteninhalt\4 GB\Spiele - installieren\ducktales_23ht3kuy.jar -> an.class gefunden: JAVA.Agent!E2
Gescannt 622243
Gefunden 3
Scan Ende: 14.08.2012 16:03:14
Scan Zeit: 0:40:47
Geändert von tomatriga (14.08.2012 um 14:22 Uhr) |
|
14.08.2012, 15:22
| #6 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Welche Warnung? (die hab ich doch schon gekillt.) Internet einschalten!
__________________ --> 100 Euro wegen angeblicher illegaler Sachen bezahlen |
|
14.08.2012, 15:39
| #7 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen Die Warnung kam nicht mehr, habe den Rechner ja dann gescannt und vorher das Update durchgeführt. Der Log dazu ist dem vorigen Post von mir mit drin. |
|
14.08.2012, 16:01
| #8 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Sehr gut!  Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
14.08.2012, 19:27
| #9 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen So alles ausgeführt und hier das Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=14a8d2dd746f4043926dd249d36fbe48
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-14 06:25:11
# local_time=2012-08-14 08:25:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1375316 1375316 0 0
# compatibility_mode=5893 16776574 100 94 1375302 96589795 0 0
# compatibility_mode=8192 67108863 100 0 174 174 0 0
# scanned=182247
# found=0
# cleaned=0
# scan_time=10129
|
|
14.08.2012, 20:29
| #10 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
14.08.2012, 21:16
| #11 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen Alles erledigt, hier das was raus gekommen ist beim check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 14.0.1 ist aktuell Flash (11,3,300,271) ist aktuell. Java (1,7,0,5) ist aktuell. Adobe Reader 10,1,4,38 ist aktuell. |
|
15.08.2012, 08:51
| #12 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
15.08.2012, 11:43
| #13 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen Hallo, habe das durchgeführt allerdings bin ich mir beim ccCleaner nicht sicher wie ich die registry da fehler beheben lassen soll und wo ich die temporären Dateien lösche. Soll ich die Schritte wie sie in der Anleitung sind auch durchführen und wenn ja vorher oder nach dem fehler beheben? Mfg Eit: Hat sich erledigt, habs gefunden. Sorry für das Posting. |
|
15.08.2012, 13:00
| #14 |
| /// Helfer-Team | 100 Euro wegen angeblicher illegaler Sachen bezahlen Schoen, dass dir das auffaellt! Ich verlinke die Anleitung, weil man es nicht aus Spass tun soll. Hier ist es aber geboten. Bitte Registry Clean rotzdem ausfuehren. |
|
15.08.2012, 13:09
| #15 |
| | 100 Euro wegen angeblicher illegaler Sachen bezahlen Ok, das habe ich gemacht, somit ist das System wieder sauber und kann weiter genutzt werden. Die zusätzliche Literatur welche du verlinkt hast, bin ich gerade mal dabei durchzulesen und zu beherzigen. Danke dafür. |
|
| Themen zu 100 Euro wegen angeblicher illegaler Sachen bezahlen |
| 7-zip, antivir, autorun, avira, bho, branding, canon, converter, downloader, error, euro, excel, fehler, firefox, flash player, format, helper, install.exe, internet, locker, logfile, mozilla, mp3, plug-in, realtek, registry, rundll, security, software, svchost.exe, usb 2.0, windows |
