| |
| |||||||
Log-Analyse und Auswertung: Bundestrojaner endgültig entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.11.2012, 17:05
| #1 |
| |  Bundestrojaner endgültig entfernen? Hallo, ich habe mir vor 1 Woche bei einer Seite wo man kinofilme anschauen kann einen Bundestrojaner eingefangen. Als ich dann am nächsten tag meinen laptop wieder hochgefahren habe kam nur noch diese fake seite des bundes wo man 100euro zahlen soll und einem gedroht wird die festplatte zu sperren. Außerdem konnte ich auch sonst nichts mehr anklicken und auch nicht mal den task manager öffnen. Dann bin ich in den abgesicherten modus reingegangen und hab mehrmals versucht eine systemwiederherstellung zu machen. hat aber nicht geklappt weil angeblich ein antivirusprogramm geöffnet sein sollte. ka wieso. Als ich dann nach der erfolglosen systemwiederherstellung auf schließen geklickt habe, würd ich auf mein desktop weitergeleitet wo ich aufeinmal wieder normal auf alles zugreifen konnte. Als ich dann am nächsten tag den pc wieder normal hochgefahren habe hatte ich wieder das gleiche problem. also alles wieder von vorne so das ich wieder auf mein desktop zugreifen konnte und dann bin ich hier auf diese seite gestoßen, wo ich das anti malwareprogramm runtergeladen habe und 3 viren o.ä. gelöscht habe. Danach hat jetzt alles wieder normal geklappt aber so wie ich überall lese soll damit noch nicht alles entfernt sein. Hier erstmal der report davon: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.19.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: *****-HP [Administrator] Schutz: Aktiviert 19.11.2012 21:58:56 mbam-log-2012-11-19 (21-58-56).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 201243 Laufzeit: 5 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Daten: explorer.exe,C:\Users\*****\AppData\Roaming\msconfig.dat -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\*****\AppData\Roaming\msconfig.dat (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\*****\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) So dann hab ich jetzt also noch dieses OTL installiert und das der report davon: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.11.2012 16:18:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 59,90% Memory free
7,49 Gb Paging File | 5,57 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,99 Gb Total Space | 188,12 Gb Free Space | 66,95% Space Free | Partition Type: NTFS
Drive D: | 16,80 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Computer Name: *****-HP | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F67243F-A546-4AB6-9402-DFDF7261F997}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50EE5B50-6935-4DCB-B3CE-1B5F16DBD6D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55A9FD99-3435-4CEF-A6E1-29F030455EFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E5A614F-4886-4871-94FE-EB6644AB3284}" = lport=445 | protocol=6 | dir=in | app=system |
"{68BA1B0B-B9A9-453B-B04A-662DEC77C1C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C2C268E-B39F-43BE-AA5F-7D1C9315873D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C8EAFD5-5972-41FE-80DD-27A98C327734}" = lport=138 | protocol=17 | dir=in | app=system |
"{6EFCE9E4-85F3-421D-A260-D7DEB696D495}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7678D7F3-0B34-4F3F-A4B8-4B8BA3C26AA3}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AF0A9C7-6E78-41DA-8242-3B936DA79CA9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89D27950-11A6-4782-A0E2-4C932B0D4BF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{98EF0F48-F4D2-4D03-A39F-275E82F8E91E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BFBA1D4-5C3D-4542-820F-0249B227FA84}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E09C3F9-DAF3-4C92-AC93-E1D7218E1AC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1709450-CE6D-4E0A-A142-6217920FEC8F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A42D4EDE-E3DC-4098-9530-881F150E99B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7FA2B01-BD6E-4043-9E7B-6F2A51111006}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD4E866B-20AB-440C-9DC1-6638AB7737A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF478619-FA19-46A2-95F0-34DDF47357CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B60FB359-6489-49DE-9FEA-CAF2AA1E3465}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7CBFC18-040F-4AE1-A7DE-453581739A06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3B7F01C-FB6E-447D-B12D-5D5ACF98FC47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DF5DC715-EC87-4D9A-A95A-8714B8B0DFCB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E27124A4-0B05-49A8-9172-6E5A699D0D9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE714E80-8D5C-4C93-970E-FC6D1E9FFB5A}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06724E63-DF93-4316-AB91-EB897DBBB37A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{0A15EAAE-C00A-4865-8ED4-99FFB7F8908E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{10408137-9C88-408C-AB3D-86C2CA544EBE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{133917D9-5200-4BC4-B5D3-B2638702CB3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15AB8543-679F-48DB-9C63-E1637C2FA155}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FC186C3-784C-4A95-9D33-8A6A51741F7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21746529-9C32-4AD2-91C8-EB68428B47A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{21F79741-75E5-4BF9-90C1-A3C999F56F64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23D1C984-438B-4A46-B7D4-7AA5E6513800}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C0B0AD1-AFF4-4A5A-95AE-1C9B97880438}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37F287EA-C5A9-4A5C-9305-5AB826F6F813}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{40F3B5FC-84D3-4DD4-BEA8-C65208EEC7E7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{43F9044A-D4AA-42E7-8EA8-A68A14DF1F89}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4774B65E-2DA3-4BC2-927F-CFC880B5A9A4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4E323E8C-1E21-419A-8624-8EF44F265EC2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{569B78A9-0A29-4AD8-9620-A31BD6657C1B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5C5688FE-F0B3-4C6C-86D3-F3DA10CEA3A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DC76813-A5A2-40DA-9CE6-093BE992897D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E176347-F33A-49DE-8731-6490613BD5B6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6E965103-2AD3-416F-857A-2B0237D2812D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{747659DC-9C88-48D2-8026-DC24E696BC73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{765BF3F6-DF06-4FDA-9E8D-F3C1E65074BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A67778D-9576-45E2-BA67-161EF105E089}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{7DD8F93C-A7C3-46D4-856B-65D94DC4D915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8450D152-0B6B-43BE-84E3-6E0F322602C4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8869E03C-B49A-4268-B6E6-02E5AFA2FC21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B51DE8B-922C-43A9-9695-FC091B50FF91}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{8BD5C7C7-877A-41F7-B5FF-248C747B569C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C699C97-B6B7-43EB-B266-3F2F6581CC79}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{8D19DCA5-552E-4955-B1E3-DE1D11964DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8ED6AC82-41DE-467F-AFB9-B645E900E4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{934CEE1C-EEF9-46B7-9381-138FD76404FC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B8F13493-2309-46F6-BD44-10D0D14B991B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B96076AC-5C3F-43B6-A44A-4B4B11564A07}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B9A0B070-56A2-4B72-AC68-E393F925FC64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD25811F-2E29-4454-965B-454F1F2EA7A4}" = protocol=6 | dir=out | app=system |
"{C3DD5993-6C83-4B42-B7B5-9D0E83F60629}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{C79DA775-6B1B-4EE5-BB9B-062CC3A00D0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEB32993-2438-4E05-9CC0-B9C1C186AE7C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{D8264DAF-241F-40E9-9950-190C6A1403F3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{DC955125-D93E-4E27-BCC4-2FF7CCDAF7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{23841BCC-E059-4FE9-962E-2C8E03B91BA4}C:\users\****\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{5F7D5D49-CE1C-4316-A4F5-999C19B93B7E}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7EF2E507-76B4-4EA4-B112-DCEBD3FE1B92}C:\users\*****\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{995AD445-4002-4844-A44E-61A22E1E60C6}C:\users\******\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AE8330AE-0FD7-4E1B-A33D-26D7942A2B7D}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{4D4454FC-8716-42B1-AF97-5C20134C2957}C:\users\******\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{5AD23A1B-769C-4307-822B-03C0B7E425FA}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{79874F31-7B4A-4E0B-BE82-8A99B8EE2829}C:\users\******\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{991892B6-E8A0-4C07-9832-A8DCE98840FE}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{ED0B071C-7559-447D-B3CD-719BA2214075}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{42081A74-B2BB-B64E-ABF5-9CEE13974355}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{E0A6C0AA-8580-82CF-3D5F-5F32F8DE9A01}" = ccc-utility64
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{093B1CF6-C00F-BD98-A8B7-C20D0AB36074}" = Catalyst Control Center Graphics Light
"{0D901B50-9D9C-64A2-136E-7CC4DD9FBDB4}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{303D7F80-2108-9679-149F-64A7AEF13C26}" = CCC Help Czech
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B7301EA-5833-CDAC-E4A4-6442EEDEBD87}" = CCC Help Korean
"{3CD48ADA-3A4F-999C-2BAA-64DF229FF839}" = CCC Help Turkish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{553EFB44-564E-2F68-9A24-A59765B81000}" = CCC Help Russian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{671BF921-422D-BA7E-5158-5264ACE51C9D}" = CCC Help Portuguese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A65C27A-830B-77E6-43D1-52F236AF9A16}" = CCC Help Greek
"{7F75DDF4-09D6-7ED2-8DA9-61F0B57FCF81}" = CCC Help Dutch
"{8064A439-ACA7-3E32-3630-FC22155FEB4E}" = CCC Help English
"{810005FC-9F35-5EAB-1479-B1E7DEAB44D5}" = CCC Help Norwegian
"{820F8A24-8C77-3B64-D90A-C23D211BEDA9}" = Catalyst Control Center Graphics Previews Common
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89C0094C-9508-6BE5-8445-4ADDC9BD2681}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD8A5E-6B6A-C4DC-D2A7-02CD66702F31}" = Catalyst Control Center Core Implementation
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EEA74DA-5E7E-5E51-817C-FFAEACEBF3B3}" = CCC Help Chinese Traditional
"{8F8EDCB5-1042-4598-D413-1DD04FC7EA27}" = CCC Help Hungarian
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96EB53BC-8225-A97A-FF5C-B33F85DD5B86}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBDA769-3D13-095F-77BA-35AED9D54D4C}" = CCC Help Thai
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AB418F5A-4AB2-999B-19EA-8BB9C311B70C}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{BCE6F36E-4FA9-C700-CA8F-04EE0702FB32}" = CCC Help Spanish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5755376-76B8-52F7-7357-3E7CA61C7168}" = CCC Help Finnish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA12CCA6-A4C8-5796-C29E-4ADA9E5DE596}" = Catalyst Control Center Graphics Previews Vista
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE0F869E-2504-4F92-2BD2-DD996E7010B7}" = CCC Help Danish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2CB8122-63AF-D5C8-299F-C67A1EF343C3}" = CCC Help Polish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DEEF336C-5C79-3846-7AD1-7693CCA99659}" = CCC Help Chinese Standard
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E103722E-7E7F-5783-3685-DE7370908470}" = Catalyst Control Center InstallProxy
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6E7A082-A47D-7059-ACBD-36FDA02695EC}" = Catalyst Control Center Graphics Full New
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF83E9E7-FFE9-B86A-94C9-95D8F5EF2320}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CDD8A0-5E3B-F975-AA54-C725477E5067}" = ccc-core-static
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD71BC19-4A59-75F5-E4EF-4AEC3E6BF12E}" = CCC Help Japanese
"{FEC06A8C-01A7-5CF5-923F-CD2D34229E4B}" = CCC Help Swedish
"Adobe AIR" = Adobe AIR
"AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.64.26
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.11.2012 13:43:22 | Computer Name = *****-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVerScheduleService.exe, Version:
1.0.0.29, Zeitstempel: 0x493e420e Name des fehlerhaften Moduls: RPCRT4.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002511c
ID
des fehlerhaften Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0x01cdbd0f578cc73c
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 9f331c50-2902-11e2-a453-1c659d7617d6
Error - 07.11.2012 16:39:36 | Computer Name = ******-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel:
0x49ef8e09 Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.4971,
Zeitstempel: 0x4ef6c1d2 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00000000005191b9 ID
des fehlerhaften Prozesses: 0xbc4 Startzeit der fehlerhaften Anwendung: 0x01cdbd0f920bdc63
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
Berichtskennung:
3de9e7df-291b-11e2-a453-68b599617822
Error - 08.11.2012 14:50:33 | Computer Name = *****-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVerScheduleService.exe, Version:
1.0.0.29, Zeitstempel: 0x493e420e Name des fehlerhaften Moduls: RPCRT4.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002511c
ID
des fehlerhaften Prozesses: 0x6a0 Startzeit der fehlerhaften Anwendung: 0x01cdbde1e46795b9
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 2c2411c1-29d5-11e2-8fdd-68b599617822
Error - 08.11.2012 14:50:37 | Computer Name = *****-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 10.11.2012 18:21:36 | Computer Name = ******-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVerScheduleService.exe, Version:
1.0.0.29, Zeitstempel: 0x493e420e Name des fehlerhaften Moduls: RPCRT4.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002511c
ID
des fehlerhaften Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0x01cdbf91b54d2a97
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: fcc6c6e7-2b84-11e2-ada7-68b599617822
Error - 10.11.2012 18:25:36 | Computer Name = ******-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1134 Startzeit: 01cdbf9210894a92 Endzeit: 406 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 10.11.2012 18:49:06 | Computer Name = *****-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 11.11.2012 05:40:07 | Computer Name = ******-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVerScheduleService.exe, Version:
1.0.0.29, Zeitstempel: 0x493e420e Name des fehlerhaften Moduls: RPCRT4.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002511c
ID
des fehlerhaften Prozesses: 0x6a4 Startzeit der fehlerhaften Anwendung: 0x01cdbff07ee092f8
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: c6b54132-2be3-11e2-a387-1c659d7617d6
Error - 11.11.2012 13:22:08 | Computer Name = ****-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVerScheduleService.exe, Version:
1.0.0.29, Zeitstempel: 0x493e420e Name des fehlerhaften Moduls: RPCRT4.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002511c
ID
des fehlerhaften Prozesses: 0x6dc Startzeit der fehlerhaften Anwendung: 0x01cdc03109778930
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 51a3737e-2c24-11e2-bcd9-68b599617822
Error - 11.11.2012 13:22:11 | Computer Name = *****-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Hewlett-Packard Events ]
Error - 27.09.2012 08:11:30 | Computer Name = *****-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 03.10.2012 12:14:50 | Computer Name = *****-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 15:01:25 | Computer Name = ******-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 15:03:27 | Computer Name = ******-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 15:05:09 | Computer Name = *****-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 15:05:58 | Computer Name = *****-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 15:08:39 | Computer Name = ******-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 01.11.2012 08:57:29 | Computer Name = ******-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 01.11.2012 08:59:39 | Computer Name = ******-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 01.11.2012 09:01:14 | Computer Name = *****-HP | Source = HPSF.exe | ID = 4000
Description =
[ HP Software Framework Events ]
Error - 01.09.2012 13:48:13 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.09.01 19:48:13.076|00000B10|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 20.09.2012 07:08:48 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.09.20 13:08:48.663|00000DD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 20.09.2012 07:13:03 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.09.20 13:13:03.518|00001944|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 27.09.2012 08:08:05 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.09.27 14:08:05.328|0000164C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 25.10.2012 15:04:21 | Computer Name = ****-HP | Source = CaslWmi | ID = 5
Description = 2012.10.25 21:04:21.132|000016C0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 25.10.2012 15:10:13 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.10.25 21:10:13.984|00001014|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 01.11.2012 08:58:15 | Computer Name = *****-HP | Source = CaslWmi | ID = 5
Description = 2012.11.01 13:58:15.655|000008BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 01.11.2012 09:01:37 | Computer Name = ******-HP | Source = CaslWmi | ID = 5
Description = 2012.11.01 14:01:37.041|00001050|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 01.11.2012 09:02:06 | Computer Name = ******-HP | Source = CaslWmi | ID = 5
Description = 2012.11.01 14:02:06.459|000004BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 01.11.2012 09:02:08 | Computer Name = ****-HP | Source = hpCasl | ID = 5
Description = 2012.11.01 14:02:08.308|000004BC|Error |[hpcasl]Global::CheckforValidSignature{bool()}|Calling
process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\CASLExec.exe
does not have a valid signature. HP CASL loading aborted
[ HP Wireless Assistant Events ]
Error - 17.07.2011 17:13:47 | Computer Name = *****-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 17.07.2011 17:14:15 | Computer Name = ******-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 25.07.2011 15:55:12 | Computer Name = ******-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 25.07.2011 15:55:27 | Computer Name = *****-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 13.10.2011 11:34:09 | Computer Name = *****-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 13.10.2011 11:34:26 | Computer Name = ******-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 14.03.2012 13:04:57 | Computer Name = *****-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 14.03.2012 13:05:32 | Computer Name = *****-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 14.03.2012 13:15:58 | Computer Name = ******-HP | Source = HP WA Application | ID = 0
Description =
Error - 21.06.2012 07:23:58 | Computer Name = ******-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
[ Media Center Events ]
Error - 06.04.2011 06:41:49 | Computer Name = ****-HP | Source = MCUpdate | ID = 0
Description = 12:41:48 - Fehler beim Herstellen der Internetverbindung. 12:41:49
- Serververbindung konnte nicht hergestellt werden..
Error - 11.04.2011 16:23:31 | Computer Name = ******-HP | Source = MCUpdate | ID = 0
Description = 22:23:31 - Fehler beim Herstellen der Internetverbindung. 22:23:31
- Serververbindung konnte nicht hergestellt werden..
Error - 19.07.2011 08:35:52 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 14:35:52 - Fehler beim Herstellen der Internetverbindung. 14:35:52
- Serververbindung konnte nicht hergestellt werden..
Error - 19.07.2011 08:36:00 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 14:35:57 - Fehler beim Herstellen der Internetverbindung. 14:35:57
- Serververbindung konnte nicht hergestellt werden..
Error - 19.07.2011 11:55:24 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 17:55:24 - Fehler beim Herstellen der Internetverbindung. 17:55:24
- Serververbindung konnte nicht hergestellt werden..
Error - 19.07.2011 11:55:31 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 17:55:29 - Fehler beim Herstellen der Internetverbindung. 17:55:29
- Serververbindung konnte nicht hergestellt werden..
Error - 20.07.2011 09:14:28 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 15:14:28 - Fehler beim Herstellen der Internetverbindung. 15:14:28
- Serververbindung konnte nicht hergestellt werden..
Error - 20.07.2011 09:14:42 | Computer Name = ****-HP | Source = MCUpdate | ID = 0
Description = 15:14:34 - Fehler beim Herstellen der Internetverbindung. 15:14:34
- Serververbindung konnte nicht hergestellt werden..
Error - 20.07.2011 10:14:52 | Computer Name = *****-HP | Source = MCUpdate | ID = 0
Description = 16:14:52 - Fehler beim Herstellen der Internetverbindung. 16:14:52
- Serververbindung konnte nicht hergestellt werden..
Error - 20.07.2011 10:15:00 | Computer Name = ******-HP | Source = MCUpdate | ID = 0
Description = 16:14:57 - Fehler beim Herstellen der Internetverbindung. 16:14:57
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 21.11.2012 16:05:35 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 21.11.2012 16:17:43 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.11.2012 17:13:00 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.11.2012 17:17:04 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Software Protection erreicht.
Error - 23.11.2012 17:17:04 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.11.2012 17:34:28 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.11.2012 17:46:13 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.11.2012 18:33:49 | Computer Name = *****-HP | Source = DCOM | ID = 10016
Description =
Error - 25.11.2012 06:50:42 | Computer Name = *****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 25.11.2012 06:52:43 | Computer Name = *****-HP | Source = DCOM | ID = 10016
Description =
< End of report >
und hier der 2te Report davon:OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.11.2012 16:18:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 59,90% Memory free 7,49 Gb Paging File | 5,57 Gb Available in Paging File | 74,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280,99 Gb Total Space | 188,12 Gb Free Space | 66,95% Space Free | Partition Type: NTFS Drive D: | 16,80 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: *******-HP | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (UI Assistant Service) -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe () SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys (Symantec Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AVerAF15DMBTH64) -- C:\Windows\SysNative\drivers\AVerAF15DMBTH64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110323.002\EX64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110323.002\ENG64.SYS (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110317.002\IDSviA64.sys (Symantec Corporation) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {25C6B2F4-1AD4-414B-83C8-AC69C0BED2D5} IE:64bit: - HKLM\..\SearchScopes\{25C6B2F4-1AD4-414B-83C8-AC69C0BED2D5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2E7A6377-404B-49D0-B50C-E76E1BEC0E0B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{C6B3AD09-CB95-4D97-91C5-2EF48095FDED}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{25C6B2F4-1AD4-414B-83C8-AC69C0BED2D5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2E7A6377-404B-49D0-B50C-E76E1BEC0E0B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{C6B3AD09-CB95-4D97-91C5-2EF48095FDED}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes,DefaultScope = {25C6B2F4-1AD4-414B-83C8-AC69C0BED2D5} IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=107763&mntrId=b8e9e0ed0000000000001c659d7617d6 IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{25C6B2F4-1AD4-414B-83C8-AC69C0BED2D5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{2E7A6377-404B-49D0-B50C-E76E1BEC0E0B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{4D11BBC1-EEFA-4776-BBD4-295AE1708556}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7d333774-2aaa-4223-bfa8-19a289b7a117&apn_sauid=BFE8E14B-C77D-4CF2-879E-D9DC1FFEC229 IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\SearchScopes\{C6B3AD09-CB95-4D97-91C5-2EF48095FDED}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.11.100015 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7d333774-2aaa-4223-bfa8-19a289b7a117&apn_ptnrs=^AGS&apn_sauid=BFE8E14B-C77D-4CF2-879E-D9DC1FFEC229&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011.09.30 17:58:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2012.11.25 11:49:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 22:44:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 21:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions [2012.11.23 22:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\4j34lxtv.default\extensions [2012.11.23 22:59:16 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\4j34lxtv.default\extensions\toolbar@ask.com [2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\4j34lxtv.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2012.11.25 15:45:20 | 000,002,413 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\4j34lxtv.default\searchplugins\askcom.xml [2012.11.17 21:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001..\Run: [Spotify Web Helper] C:\Users\Carina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1726068294-3989815588-1007417781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B5909F-FF00-4870-962B-E3AEC2E6DE57}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49677935-831E-45EB-B3E3-D682609D37BF}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{506849F4-D1A4-4731-95B1-D0483A3C0832}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.25 16:17:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2012.11.23 23:02:52 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Avira [2012.11.23 22:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.23 22:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.11.23 22:55:54 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.23 22:55:54 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.23 22:55:54 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.23 22:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.21 22:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.21 22:01:04 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.11.21 22:01:04 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.21 22:00:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.21 22:00:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.21 22:00:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.19 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes [2012.11.19 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.19 21:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.19 21:56:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.19 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.18 20:30:14 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.18 20:30:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.18 20:28:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.18 20:28:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.18 20:28:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.18 20:28:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.18 20:28:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.18 20:28:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.18 20:28:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.18 20:28:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.18 20:28:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.18 20:28:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.18 20:28:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.18 20:28:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.18 20:28:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.18 20:28:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.18 20:28:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.18 20:22:49 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.18 20:22:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.18 20:22:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.18 20:22:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.17 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Youcam [2012.11.17 21:11:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla [2012.11.17 21:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.17 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.17 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.14 23:10:21 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 23:10:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.10.31 20:44:44 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Bilder von mir ========== Files - Modified Within 30 Days ========== [2012.11.25 16:17:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.11.25 11:59:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 11:59:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 11:56:58 | 001,487,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.25 11:56:58 | 000,649,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.25 11:56:58 | 000,611,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.25 11:56:58 | 000,129,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.25 11:56:58 | 000,105,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.25 11:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.25 11:49:25 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 22:57:06 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.21 22:00:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.21 22:00:26 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.21 22:00:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.21 22:00:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.21 22:00:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.11.19 21:56:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.18 20:36:27 | 000,281,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.17 21:11:45 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.15 10:39:36 | 000,001,615 | ---- | M] () -- C:\Users\*****\Desktop\DivX Movies.lnk [2012.11.10 23:21:13 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFoR*****.job [2012.11.07 18:48:19 | 000,032,608 | ---- | M] () -- C:\Windows\king-uninstall.exe [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.11.23 22:57:06 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.19 21:56:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.18 20:30:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.18 20:22:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.17 21:11:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.17 21:11:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.07 18:48:19 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe [2011.06.22 20:33:06 | 000,027,639 | ---- | C] () -- C:\Users\*******\AppData\Roaming\UserTile.png [2011.03.28 19:10:39 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini [2011.03.22 12:44:08 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2011.03.22 12:44:08 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2011.03.22 12:43:56 | 000,565,248 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll [2011.03.22 12:43:56 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll [2011.03.22 12:43:56 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll [2011.03.22 12:43:56 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2011.03.22 12:43:56 | 000,245,760 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll [2011.03.22 12:43:56 | 000,241,664 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2011.03.22 12:43:56 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll [2011.02.03 21:03:04 | 001,514,526 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.04.19 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Anthropics [2011.11.27 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2012.09.20 11:38:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2011.05.23 16:43:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.17 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ICQ [2011.12.02 15:27:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Get LLC [2011.03.15 16:43:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2012.10.22 16:06:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung [2011.05.23 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Shareaza [2012.11.15 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client [2012.11.23 23:18:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify [2011.02.03 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP [2011.01.26 01:32:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WildTangent [2012.11.17 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\*****\Downloads:Shareaza.GUID < End of report > Währe echt super lieb wenn mir da jemand weiter helfen konnte und vll so das es selbst ein computerdummimädchen :-P verstehen kann. mfg c. Geändert von helpme72 (25.11.2012 um 17:32 Uhr) |
|
26.11.2012, 04:28
| #2 |
| /// Helfer-Team  | Bundestrojaner endgültig entfernen? 1. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. ESET Online Scanner
3. Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
28.11.2012, 18:18
| #3 |
| | Bundestrojaner endgültig entfernen? Danke für die schnelle Antwort.
__________________ Das ist der Bericht zu Punkt 1: # AdwCleaner v2.008 - Datei am 28/11/2012 um 18:08:20 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : **** - ****-HP # Bootmodus : Normal # Ausgeführt unter : C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6OIH5LF\adwcleaner2.008.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : ICQ Service ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\4j34lxtv.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\******\AppData\Local\Babylon Ordner Gelöscht : C:\Users\******\AppData\Local\Conduit Ordner Gelöscht : C:\Users\******\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\******\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\******\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\******\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\******\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\******\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\4j34lxtv.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\4j34lxtv.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2"); Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "^AGS"); Gelöscht : user_pref("extensions.asktb.config-updated", false); Gelöscht : user_pref("extensions.asktb.crumb", "2012.11.23+13.54.57-toolbar007iad-DE-T2xkZW5idXJnLEdlcm1hbnk%3D[...] Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...] Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com"); Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com"); Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true); Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.guid", "7d333774-2aaa-4223-bfa8-19a289b7a117"); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Gelöscht : user_pref("extensions.asktb.if", "first"); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1354122409333"); Gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Gelöscht : user_pref("extensions.asktb.localePref", true); Gelöscht : user_pref("extensions.asktb.location", "Oldenburg,Germany"); Gelöscht : user_pref("extensions.asktb.o", "APN10261"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "3"); Gelöscht : user_pref("extensions.asktb.sa", "YES"); Gelöscht : user_pref("extensions.asktb.saguid", "BFE8E14B-C77D-4CF2-879E-D9DC1FFEC229"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gelöscht : user_pref("extensions.asktb.socialmini-first", true); Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000"); Gelöscht : user_pref("extensions.asktb.themeid", ""); Gelöscht : user_pref("extensions.asktb.timeinstalled", "23.11.2012 22:56:44"); Gelöscht : user_pref("extensions.asktb.to", ""); Gelöscht : user_pref("extensions.asktb.v", "3.15.11.100015"); Gelöscht : user_pref("extensions.asktb.version", "5.15.11.30498"); Gelöscht : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.11.100015,{972ce4c6-7e08-4474-a285-32081[...] Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...] ************************* AdwCleaner[S1].txt - [11453 octets] - [28/11/2012 18:08:20] ########## EOF - C:\AdwCleaner[S1].txt - [11514 octets] ########## |
|
29.11.2012, 05:16
| #4 |
| /// Helfer-Team | Bundestrojaner endgültig entfernen? Schritt 2 und 3? |
|
29.11.2012, 20:46
| #5 |
| | Bundestrojaner endgültig entfernen? Gibt es eine alternative zu Schritt 2??? Ich habe das gestern mal versucht aber da hatte er nach 3,5h erst 30% durchsucht/geladen und das kann dann ja ewig dauern  |
|
02.12.2012, 16:25
| #6 |
| /// Helfer-Team | Bundestrojaner endgültig entfernen? Dann lass es ueber nacht laufen.
__________________ --> Bundestrojaner endgültig entfernen? |
|
19.01.2013, 16:46
| #7 |
| /// Helfer-Team | Bundestrojaner endgültig entfernen? Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Bundestrojaner endgültig entfernen? |
| avira, avira searchfree toolbar, bho, browser, browser.exe, bundestrojaner, bundestrojaner entfernen, ccc.exe, converter, desktop, diner dash, entfernen, error, euro, failed, festplatte, flash player, home, iexplore.exe, install.exe, jetzt alles wieder normal, logfile, malwareprogramm, microsoft office starter 2010, mozilla, mp3, plug-in, realtek, registry, richtlinie, security, server, software, spotify web helper, super, svchost.exe, symantec, usb, usb 2.0, viren |
