Pests of all kinds and their removal: RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07), Windows 7

#1
RunDLL error after deleting roper0dun.exe (GVU Trojan 2.07)

Hello Trojaner-Board community,

I have a PC in front of me on which the GVU Trojan 2.07 was/is present. After reading up a bit on the Internet, I first disconnected the PC from the Internet and then, after a restart, deleted the file "roper0dun.exe". These steps were described on a website which unfortunately I no longer have in front of me, so I cannot paste the link here. The site was blog.botfrei.de. After I restarted the PC again following the deletion, the following window appeared: Attachment 42333

I have now worked through the thread "Für alle Hilfesuchenden!" and hope I have not forgotten anything and am doing everything correctly below. First, the contents of the Malwarebytes log file, which contains 5 findings:

```
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MadMax :: TOWER [Administrator]

Schutz: Deaktiviert

31.08.2012 00:01:09
mbam-log-2012-08-31 (00-04-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184793
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.cfg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.xtr (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
```

Here are the other log files. OTL log file:
ATTFilter OTL logfile created on: 30.08.2012 23:21:23 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\MadMax\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,59% Memory free 5,99 Gb Paging File | 5,01 Gb Available in Paging File | 83,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,19 Gb Total Space | 9,49 Gb Free Space | 11,41% Space Free | Partition Type: NTFS Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Computer Name: TOWER | User Name: MadMax | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.30 22:28:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\MadMax\Downloads\OTL.exe PRC - [2012.08.09 00:10:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe PRC - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:07:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.09 15:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe PRC - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe PRC - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2012.08.03 00:32:21 | 000,115,137 | ---- | M] () -- 
C:\Users\MadMax\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll MOD - [2012.06.14 17:26:40 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.14 17:24:00 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.14 17:23:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.14 17:23:36 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.14 17:23:34 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.11 23:16:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.11 23:06:32 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 23:06:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.11 22:58:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 22:55:49 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.11 22:55:41 | 005,617,664 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.11 22:55:34 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.11 22:55:28 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll ========== Services (SafeList) ========== SRV - [2012.08.27 18:45:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.04.18 20:06:26 | 
000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012.05.08 13:07:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 13:07:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.02.09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2011.07.25 20:07:39 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.06.23 08:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM) DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) 
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.11.11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) DRV - [2010.11.11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.11.11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.04.24 09:18:40 | 010,472,960 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 
14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M] [2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Extensions [2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions [2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml [2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml [2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml [2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MADMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer 
(Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.08.01 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\MadMax\AppData\Roaming\pcouffin.sys
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:36 | 000,020,191 | ---- | M] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:55 | 003,694,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 00:39:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 00:39:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 00:39:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 00:39:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:32 | 000,020,191 | ---- | C] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:42 | 003,694,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\MadMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\MadMax\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\MadMax\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\MadMax\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

========== LOP Check ==========

[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 30.08.2012 23:14:51 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\MadMax\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,36% Memory free
5,99 Gb Paging File | 4,80 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 9,57 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS

Computer Name: TOWER | User Name: MadMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe |
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system |
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe |
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system |
"{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe |
"TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe |
"TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe |
"UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©)
"EA Download Manager" = EA Download Manager
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer
7 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WebcamMax" = WebcamMax "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.08.2012 14:10:15 | Computer Name = Tower | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 12292 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 13 Description = Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 12292 Description = [ System Events ] Error - 30.04.2012 09:07:32 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Gmer: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 23:39:59
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 Hitachi_HDT721016SLA380 rev.ST1OA3AA
Running: rzsv3csd.exe; Driver: C:\Users\MadMax\AppData\Local\Temp\kxldipow.sys

---- System - GMER 1.0.15 ----

SSDT 923E479E ZwCreateSection
SSDT 923E47A8 ZwRequestWaitReplyPort
SSDT 923E47A3 ZwSetContextThread
SSDT 923E47AD ZwSetSecurityObject
SSDT 923E47B2 ZwSystemDebugControl
SSDT 923E473F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C3C989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5C4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C6387C 4 Bytes [9E, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C63BD8 4 Bytes [A8, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C63C1C 4 Bytes [A3, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C63C98 4 Bytes [AD, 47, 3E, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C63CEC 4 Bytes JMP C10DEF73
.text ...

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[2368] ntdll.dll!DbgUiRemoteBreakin 7762F17D 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x62 0x70 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0x54 0x33 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xC1 0xA1 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x62 0x70 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0x54 0x33 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xC1 0xA1 0xC5 ...

---- EOF - GMER 1.0.15 ----

Thank you in advance for your help!

Last edited by chillkröte86 (30.08.2012 at 23:07)